stock-screener-cn

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Chinese stock-screening helper that fetches public market data and does not show hidden data access, persistence, account changes, or exfiltration.

Use this for A股/港股 technical screening only, and treat outputs as informational analysis rather than investment advice. Install dependencies in a virtual environment, and consider pinning package versions before repeated use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill’s activation description is broad enough to trigger on common stock- or strategy-related queries, which can cause the agent to invoke this skill when the user did not specifically request Chinese-market technical screening. Over-broad activation can lead to inappropriate tool use, reduced user control, and incorrect market/context assumptions, especially for users asking about general investing rather than A股/港股 screening.

Natural-Language Policy Violations

Low

Confidence: 82% confidence
Finding: The skill hard-codes Chinese-market scope and Chinese-language framing without clearly stating that this specialization applies only when the user wants A股/港股 analysis. This can cause the agent to steer users into a narrower regional and linguistic context than requested, producing irrelevant or misleading outputs when the user’s market or language preference is different.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal