stock-price-checker

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks user-provided stock tickers through Yahoo Finance/yfinance and prints price data.

Safe to use for public stock and ETF ticker lookups. Install yfinance from a trusted source, and avoid running it in air-gapped or restricted environments unless outbound Yahoo Finance/yfinance traffic is allowed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The skill documentation states it checks stock prices using Yahoo Finance but does not clearly warn users that running it will initiate external network requests. This can mislead users operating in restricted, privacy-sensitive, or air-gapped environments, where unexpected outbound traffic may violate policy or expose usage metadata.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal