Back to skill

Security audit

A Stock Daily Review

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed A-share market recap generator, but users should treat its beginner trading guidance as non-professional financial commentary.

Install only if you are comfortable with the skill writing local daily recap files to the stated path and calling market-data/web tools. Treat any position-size or sector guidance as educational commentary, not personalized financial advice, and verify market data before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill goes beyond neutral market review and instructs the agent to provide personalized-style investment guidance such as suggested position sizing, sectors to watch, risks to avoid, and trading discipline for beginners. This can steer user financial decisions without suitability checks, disclosures, or regulatory safeguards, increasing the risk of harmful or inappropriate advice.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill automatically writes a Markdown file to a fixed local path without requiring an upfront user confirmation or clearly warning that disk writes will occur. This can create unintended persistence of potentially sensitive user activity, overwrite existing files, or violate user expectations about local file system access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.