a-share-portfolio-calibrator

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only portfolio analysis helper that handles sensitive financial screenshots or lists, but its behavior is disclosed and aligned with its purpose.

Before installing, treat portfolio screenshots as sensitive financial information. Crop or redact account numbers, personal identifiers, broker metadata, QR codes, and unrelated screen content before sharing. Use the output as portfolio structure and diagnostic context, not as final investment or trading advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill is designed to process highly sensitive financial data such as holdings, account balances, and screenshots, but it does not instruct the agent to warn users about privacy risks or encourage redaction of identifiers. That increases the chance users will share account numbers, broker details, or other sensitive information without informed consent or minimization.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The instruction to use image or desktop-reading capabilities on screenshots increases exposure to sensitive on-screen account data, yet there is no user-facing warning or consent step. In practice, screenshots may reveal far more than holdings alone, including account IDs, balances, device notifications, or other unintended secrets, so silent extraction raises privacy and data-minimization risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal