jin-duo-duo-strategy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stock technical-analysis helper that runs local indicator calculations, with no evidence of hidden data collection, credential use, network calls, or trading execution.

Use this as an educational technical-analysis tool, not as financial advice or an automated trading system. Install dependencies from a trusted package index, consider pinning pandas and numpy, and avoid enabling memory unless you are comfortable with your stock-analysis history being retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger condition is broad enough to activate on ordinary discussion of stock timing or strategy analysis, which can cause the skill to engage when the user did not intend to invoke a trading-analysis workflow. In a financial context, accidental activation increases the chance of the agent producing authoritative-seeming market guidance from incomplete context, leading to inappropriate recommendations or overreach.

Unpinned Dependencies

Low

Category: Supply Chain
Content: pandas>=2.0.0 numpy>=1.24.0
Confidence: 97% confidence
Finding: pandas>=2.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pandas>=2.0.0 numpy>=1.24.0
Confidence: 97% confidence
Finding: numpy>=1.24.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal