Back to skill

Security audit

Financial Analytics Pro

Security checks across malware telemetry and agentic risk

Overview

The skill’s visible code is a local financial file analyzer, but its documentation advertises sensitive bank, accounting, and investment integrations without enough scoping or safety details.

Treat this as a local CSV/Excel financial analysis helper unless the publisher provides reviewed integration code and clear credential-scope, privacy, and revocation documentation. Install dependencies in an isolated environment, avoid connecting real bank/accounting/brokerage accounts, and protect generated reports because they can contain sensitive financial information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to ingest highly sensitive financial, banking, accounting, and investment data through third-party integrations and export it into multiple formats, yet the description provides no user-facing warnings about credential handling, data sharing, storage, or export risks. In this context, omission of privacy and security warnings can mislead users into connecting regulated or confidential financial data without understanding exposure to external APIs, local files, dashboards, or reports.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.