China Stock Smallcap
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward public-market-data stock selector with no credential access, persistence, or local data mutation found.
Before installing, understand that this skill makes outbound requests to Eastmoney and produces financial screening output that should be treated as informational, not investment advice. The script does not appear to access credentials or private local data; the practical concern is that the documented script path may need correction at runtime.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.