Security audit
Trade Signal
Security checks across malware telemetry and agentic risk
Overview
The skill’s market-data API use is disclosed, but its search script handles the query unsafely and could run local code if given a specially crafted question.
Review carefully before installing or running. The external API call is expected for this skill, but the helper script should be fixed so user questions are passed as data rather than embedded into Python code. Treat outputs as research support, not automatic financial advice.
VirusTotal
57/57 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
