Finance Watcher

Security checks across malware telemetry and agentic risk

Overview

Finance Watcher is a coherent market-price CLI with expected local config, market-data network calls, and user-directed report output, but users should avoid sensitive output paths.

Install only if you are comfortable with your watched symbols being queried against CoinGecko and Yahoo Finance and stored locally in ~/.config/finance-watcher. When generating reports, choose a normal report filename or dedicated folder and do not point --output at sensitive files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 80%
Finding
The skill advertises market monitoring without clearly warning that it will contact third-party services such as CoinGecko and Yahoo Finance. This can create privacy and policy risks because user activity, watched symbols, timing, IP address, and usage patterns may be exposed to external providers without explicit user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.
