Security audit

Main Board Stock Query (主板股票查询)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses Python to fetch public A-share stock listings from Baostock and save local JSON/CSV results.

Install only if you are comfortable with the script making a public Baostock network request and writing JSON/CSV files locally. For better reproducibility, pin baostock and pandas versions when installing in production or a shared environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Unpinned Dependencies

Low
Category: Supply Chain
Content
"author": "飞书助手",
  "license": "MIT",
  "dependencies": {
    "baostock": "^1.0",
    "pandas": "^2.0"
  }
}
Confidence: 86%
Finding: "baostock": "^1.0"

Unpinned Dependencies

Low
Category: Supply Chain
Content
"license": "MIT",
  "dependencies": {
    "baostock": "^1.0",
    "pandas": "^2.0"
  }
}
Confidence: 90%
Finding: "pandas": "^2.0"

VirusTotal

62/62 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.