Back to plugin

Security audit

a-stock-data-quant

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is mostly purpose-aligned, but it embeds an API key and sends finance queries to third-party services without clear privacy scoping or opt-in.

Install only if you are comfortable with finance symbols, search terms, and AI prompts being sent to external providers such as Eastmoney, Tencent, Baidu, Hexin, and news APIs. Remove and rotate the bundled Eastmoney API key before use, prefer your own secret via environment variable, and avoid entering proprietary trading strategies or sensitive portfolio details into the AI commands.

VirusTotal

65/65 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
config.yaml:27
Evidence
em_api_key: "[REDACTED]"

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
README.md:293
Evidence
em_api_key: "[REDACTED]"