Back to skill

Security audit

Currency Forecast

Security checks across malware telemetry and agentic risk

Overview

This currency forecasting skill is purpose-aligned and does not show hidden, destructive, persistent, or credential-seeking behavior.

Safe to install based on the provided artifacts. Treat forecasts as informational, review any proposed command before allowing it, and avoid including private financial details or account information in prompts that may be used for API calls or web search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill explicitly states it uses external API calls and web search, but it does not warn that user-supplied currency pairs, thresholds, or analysis requests may be transmitted to third-party services. This creates a data disclosure/privacy risk because users may include sensitive context in prompts that is then sent off-platform without clear notice or minimization.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.