Quant Risk Dashboard

Security checks across malware telemetry and agentic risk

Overview

This is a local quantitative risk dashboard with an optional webhook alert example that users should configure carefully.

Install it in an isolated Python environment, pin dependencies if using it seriously, and validate the simplified risk calculations before relying on them. If enabling webhook alerts, use only trusted HTTPS endpoints and avoid sending sensitive portfolio, exposure, or trading details off-system.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The webhook example transmits alert content to an externally configured endpoint via an environment variable without any warning, validation, or guidance about outbound data handling. In a risk dashboard context, alerts may include sensitive portfolio, exposure, or trading-risk information, so this normalizes exfiltration of operationally sensitive data to third-party services.

VirusTotal

No VirusTotal findings

View on VirusTotal