Capital Flow Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Chinese A-share capital-flow helper with expected external market-data lookups and no evidence of hidden or destructive behavior.

Reasonable to install for stock capital-flow analysis experiments. Be aware that stock codes may be queried through akshare and its upstream data sources, dependencies are not version-pinned, and the advertised Dragon Tiger List function appears missing in this version.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The description is too broad and underspecified for a finance-related skill, which increases the chance that an agent invokes it in the wrong context or without sufficient user intent. In capital-markets workflows, ambiguous routing can lead to inappropriate data access, misleading analysis, or unintended financial decision support.

Natural-Language Policy Violations

Medium

Confidence: 78% confidence
Finding: A description that is only in Chinese without clarifying locale expectations can cause agent-selection errors in multilingual environments and may make the skill's purpose opaque to orchestrators or reviewers. This is primarily a quality and governance risk, but in financial contexts it can still contribute to incorrect tool invocation or misunderstood outputs.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal