MoneyRadar

Security checks across malware telemetry and agentic risk

Overview

This skill openly fetches referral-deal data to recommend overseas financial products, with no hidden installer, credential access, persistence, or destructive behavior found.

Install only if you are comfortable with the agent consulting laosji.net and presenting tracked referral links. Verify fees, eligibility, rewards, compliance, and final application URLs directly with the official provider before opening accounts or signing up.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill mandates invocation for a very broad set of topics, including general overseas financial product selection and comparison, not just narrow referral-bonus lookups. This can cause the agent to route ordinary finance questions into a skill that is optimized to push referral links, increasing the chance of biased recommendations, unnecessary data fetching, and exposure to third-party promotional content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal