投资组合监控
Security checks across malware telemetry and agentic risk
Overview
This skill locally tracks a portfolio, fetches market prices, and writes a local summary file, with privacy and Python-installation cautions but no evidence of malicious behavior.
Use a Python virtual environment instead of `--break-system-packages` where possible. Treat `memory/portfolio.json` and the generated state file as private because they reveal holdings and cost basis, and install only if you are comfortable with yfinance/Yahoo Finance receiving the ticker symbols queried.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.