tradedaily

Security checks across malware telemetry and agentic risk

Overview

This is a coherent trading workflow helper, but users should treat portfolio examples and generated reports as sensitive financial information.

Before installing, replace or delete the sample portfolio data, keep generated reports private, and avoid sharing account values, positions, or trade records in broader chats or logs. Only run the risk monitor if you are comfortable sending stock symbols to Tencent’s market-data endpoint over HTTP. Treat the stop-loss and take-profit rules as decision-support templates, not automatic financial advice or trading authority.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The skill includes detailed examples of holdings, asset values, cash balances, and trading records without any confidentiality warning or guidance on safe handling. In a trading context, this data is highly sensitive and could expose account size, strategy, positions, and timing information if copied into chats, logs, or reports shared beyond intended recipients.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal