股票查询
Security checks across malware telemetry and agentic risk
Overview
The stock skill appears to do only the expected work of fetching stock quote data, with no evidence of sensitive access, persistence, or destructive behavior.
This looks safe for ordinary stock quote lookup use. Before installing, users should understand that it contacts an external stock data service, so queried symbols may be visible to that provider.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.