AI智能交易Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese-language trading analysis prompt skill with no executable code, account access, or hidden data handling.

Install only if you are comfortable with a Chinese-language trading-analysis assistant. Do not treat generated signals or position sizes as personalized financial advice, and do not connect broker credentials or execute trades based only on the skill output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill hard-codes Chinese-only output, removing user choice and potentially preventing users, reviewers, or downstream safety systems from receiving information in their preferred or expected language. In a trading-related skill, this can increase operational risk because warnings, limitations, or risk disclosures may be less accessible to some users, though it does not by itself create code-execution or data-exfiltration risk.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal