Options Flow Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward OptionWhales data-fetching skill that needs an API key and network access, with no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable giving the script an OptionWhales API key and making authenticated requests to OptionWhales. Prefer a scoped or revocable key if available, avoid exposing the key in shell history or logs, and review any cron, alerting, or downstream piping before forwarding the financial data elsewhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The setup instructions tell users to export an API key but do not disclose that the credential will be transmitted to an external third-party service as part of API authentication. While this is expected for API-backed tools, omitting the warning weakens informed consent and can lead users to expose credentials or sensitive request metadata without understanding the trust boundary.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal