Elliott Wave

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Elliott Wave technical-analysis reference skill with no code, credentials, data access, persistence, or install hooks.

Install this only if you want a Chinese-language Elliott Wave reference for chart discussions. Be aware it may activate on broad terms like Fibonacci, and verify any trading interpretation independently before acting on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation examples include several broad finance-analysis terms such as "波浪理论", "数浪", and especially "斐波那契", which can appear in many trading or math contexts outside this skill's intended scope. That can cause accidental invocation and route users into specialized financial-analysis guidance they did not request, reducing predictability and increasing the chance of inappropriate advice in a sensitive finance context.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill metadata and description are entirely in Chinese and imply Chinese-language interaction without stating whether other languages are supported. This is not directly a security exploit, but it can create usability and consent issues if the skill activates for users who did not intend a Chinese-only experience, especially when discussing financial analysis where misunderstandings matter.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal