Security audit

段永平投资智慧

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only investment analysis checklist with no executable behavior, but its stock-holding suggestions should not be treated as financial advice.

Install only if you want an educational investment-analysis framework. Verify company facts and valuation assumptions independently, consider your risk tolerance and time horizon, and consult a licensed financial advisor before making real investment decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill gives structured guidance for deciding whether a company is worth holding for 10+ years, including pass/fail criteria and a concrete recommendation example, but it does not clearly warn that this is not financial advice and may materially affect a user's finances. In an investment-analysis context, users may over-rely on the checklist as actionable advice, increasing the risk of financial harm from unsuitable or oversimplified decisions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal