Akshare Router Cn

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Chinese market-data router that uses local helper scripts for public AKShare financial data and shows no evidence of hidden access, persistence, credential use, or destructive behavior.

Before installing, understand that the skill may run local Python scripts that depend on akshare and pandas and make network requests to public financial-data providers through AKShare. Review proposed script commands before execution and install dependencies only from trusted package sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The keyword map contains broad generic triggers such as terms equivalent to 'from', 'to', 'current', and 'latest', which are common in ordinary user requests and can cause incorrect intent classification or slot-filling. In a routing layer, this can misdirect requests to the wrong market-data or compute path, producing unintended data access, wrong analysis, or unreliable automated behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal