Finance Data Analysis

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a financial analysis helper with no malware signals, but users should be careful about when it activates and what financial data they provide.

Install only if you want a finance-oriented analysis assistant. Do not paste confidential, nonpublic, personal, customer, or regulated financial data unless your organization allows it, and be explicit that you want finance-specific analysis so the broad triggers do not activate unintentionally.

SkillSpector (2)

By NVIDIA

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list is broad and contains generic terms such as data analysis, financial analysis, Python analysis, and SQL queries that overlap with many normal user requests. This can cause unintended activation in unrelated contexts, increasing the chance that sensitive financial workflows or authoritative-seeming analysis are invoked without clear user intent or appropriate scoping.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill is explicitly designed for financial data analysis but does not warn users about handling confidential or regulated financial information. In practice, users may paste nonpublic financials, customer data, or regulated disclosures into the skill without being prompted to sanitize data, creating privacy, compliance, and data-governance risk.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal