Back to skill

Security audit

Trade Signal

Security checks across malware telemetry and agentic risk

Overview

The skill’s market-data API use is disclosed, but its search script handles the query unsafely and could run local code if given a specially crafted question.

Review carefully before installing or running. The external API call is expected for this skill, but the helper script should be fixed so user questions are passed as data rather than embedded into Python code. Treat outputs as research support, not automatic financial advice.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.