Back to skill

Security audit

Finance Omni Risk

Security checks across malware telemetry and agentic risk

Overview

This is a text-only financial risk management guidance skill with no executable code, persistence, credential use, or hidden data access.

Install only if you want Chinese-first financial risk management assistance. Treat regulatory and compliance statements as draft guidance to verify against current official sources, avoid sharing confidential customer data unless your environment is approved for it, and keep final risk or legal decisions with qualified staff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill declares Chinese as the primary language without any indication that the user can choose another language. This can override user preference, reduce accessibility, and in a financial-risk context may increase the chance of misunderstanding compliance or risk guidance when users are more comfortable in another language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.