China Stock Quant

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed China A-share/ETF analysis and backtesting skill with no evidence of hidden access, credential use, live trading, persistence, or destructive behavior.

Install dependencies in an isolated Python environment, consider pinning package versions, and treat generated trading signals as analysis only. Verify financial conclusions independently before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad English phrases such as "stock analysis," "quantitative trading," and "backtest," which can cause the skill to activate for generic finance requests beyond its intended narrow scope. Over-broad activation increases the chance of inappropriate tool routing, causing the agent to invoke this skill when the user did not ask for China A-share or akshare-specific functionality.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal