Back to skill

Security audit

Chinese Interest Rate

Security checks across malware telemetry and agentic risk

Overview

This skill checks public Chinese interest-rate data and saves local rate history, with no evidence of credential access, hidden persistence, destructive behavior, or unrelated data collection.

Install this if you want a China interest-rate monitor that may run a Python script, contact Yahoo Finance, SHIBOR, and ChinaMoney endpoints, and keep a local rate-history JSON file. Narrow the trigger phrases or invoke it explicitly if you do not want it to activate on general interest-rate questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes very broad terms such as “利率”, “今天利率”, “利率查询”, and “利息”, which are likely to match many ordinary finance-related conversations beyond the intended monitoring use case. This can cause the skill to activate unexpectedly, hijack unrelated requests, and increase the chance of user confusion or unintended data/network actions in agent environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.