Eastmoney Select Stock 1.0.2

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stock-screening integration that uses an Eastmoney API key and sends stock-screening queries to Eastmoney, with no hidden persistence or account-changing behavior found.

Install only if you trust the Eastmoney API integration and are comfortable sending stock-screening keywords to Eastmoney. Keep EASTMONEY_APIKEY in a trusted environment, do not print or paste the key into logs or chats, and treat any stock recommendations as screening output rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger conditions are broad and include open-ended phrases like '股票推荐', which can cause the skill to activate for loosely related investment requests without clear user intent or scope checks. In a financial context, overbroad invocation increases the chance of unexpected external data sharing and unbounded recommendation behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
