AkShare Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AkShare-based Chinese stock analysis helper with expected network data fetching and optional report files, with no evidence of hidden credential access, destructive actions, or unrelated behavior.

Install only if you want Chinese stock analysis using AkShare. Be aware that generated reports persist under /data/stock-reports and that HTML reports load browser script content, so open only reports you intentionally created and trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger description is overly broad because it activates for virtually any request involving 港股, A股, 中概股, or investment/trading analysis of Chinese companies, even when the user may only want general information. This can cause unintended invocation, leading the agent to route unrelated or higher-risk financial queries into this skill and produce analysis beyond the user’s intended scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal