Financial Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a financial analysis helper with a real reliability bug in risk assessment, but no evidence of hidden access, persistence, exfiltration, or destructive behavior.

Install only if you are comfortable treating it as an experimental decision-support calculator. Do not rely on it for investment, lending, or business decisions without independently checking the formulas and fixing or avoiding the broken comprehensive risk assessment path.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 99% confidence
Finding: The `_assess_risk` method calls nonexistent methods on the `FinancialStatements` data object: `fs.debt_to_equity(...)` and `fs.interest_coverage(...)`. This will raise an `AttributeError` whenever risk assessment runs, causing analysis to fail and creating a denial-of-service condition for any consumer of this skill. In a financial analysis context, this is more dangerous because risk scoring is a core feature, so the bug reliably breaks a high-value path rather than an obscure edge case.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal