A股港股美股股价查询

Security checks across malware telemetry and agentic risk

Overview

This skill coherently performs stock-price lookup and does not show hidden credential access, persistence, destructive behavior, or unrelated data collection.

Install this for simple stock-price queries only. Avoid sending private account details or sensitive text as the stock query, and expect queries to contact external finance services; also ensure the local Python environment has a trusted requests package available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 73% confidence
Finding: The invocation description is broad enough to match generic market-data requests, which can cause the wrong skill to be selected for queries outside narrow stock-price lookup. This is primarily a routing and least-privilege problem: over-triggering a networked skill increases unnecessary external calls and can produce misleading or incomplete answers in contexts the skill was not designed to handle.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal