jrj-quote-skill金融界A股行情数据
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do what it claims: fetch JRJ A-share quote/K-line data using a JRJ API key and compute indicators locally.
Install only if you trust JRJ and are comfortable providing a JRJ_API_KEY. Keep the key scoped and rotate it if exposed; ensure Node is available; leave JRJ_API_URL unset unless intentionally using a trusted JRJ-compatible HTTPS endpoint. The skill provides market data and technical indicators, not guaranteed investment advice.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.