Security audit

A Stock Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a stock-research guide that points users to external market-data tools, with no hidden automation or privileged behavior in the reviewed artifacts.

Before installing or invoking the example commands, treat this as a guide to external stock-analysis packages. Verify the npx package publishers, consider pinning versions, and avoid entering sensitive portfolio details unless you understand where those tools store or send watchlist and portfolio data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill documentation is entirely in Chinese and does not provide a language choice, translation, or opt-in, which can prevent users and reviewers from understanding what the skill does before invoking it. In a security-sensitive agent environment, language opacity reduces informed consent and may hide risky behaviors, commands, or external data handling from non-Chinese-speaking operators.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.