Alpha Vantage API
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Alpha Vantage financial-data lookup tool, with a minor API-key storage hygiene issue to be aware of.
Install only if you are comfortable with the script sending requested symbols or currency pairs, plus your API key if configured, to Alpha Vantage. If you use your own key, avoid running the apikey command in shared or logged terminals, and protect or delete config.json when you no longer need it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.