基金新闻日报
Security checks across malware telemetry and agentic risk
Overview
This skill fetches public fund-news results and can generate a local Word report, with no evidence of hidden, destructive, or credential-seeking behavior.
Before installing, expect outbound searches to third-party financial/news search services and local Word document creation for range queries. In stricter environments, pin or review the npm and pip dependencies and choose an explicit report output path.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.