Security audit

Stock Browser Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill collects stock-market data through browser automation, but it explicitly says it bypasses anti-scraping protections without clear authorization or safety limits.

Install only if you are authorized to access the listed financial sites through automation. Prefer official or licensed market-data APIs, and require explicit user control, rate limits, and source allowlists before allowing browser-driven scraping that bypasses anti-bot protections.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly advertises browser-driven scraping of third-party financial sites while 'bypassing anti-bot mechanisms', which creates legal, compliance, and operational risk for users and the platform. Even without embedded code in this file, the documentation encourages potentially unauthorized automated access and fails to disclose the network, detection, and terms-of-service implications of such behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal