股票查询 / Stock Price Query

Security checks across malware telemetry and agentic risk

Overview

This is a read-only stock quote skill that calls Tencent Finance for requested ticker data and shows no evidence of hidden persistence, credential access, or destructive behavior.

Reasonable to install for stock price lookups if you are comfortable with requested ticker symbols being sent to Tencent Finance. In privacy- or compliance-sensitive environments, confirm that outbound access to qt.gtimg.cn is allowed and avoid using it for sensitive watchlists or unreleased trading context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list includes broad phrases such as generic stock-related requests that may cause the skill to activate in contexts where the user did not intend tool execution. Over-broad invocation increases the chance of unnecessary external requests, confusing behavior, and accidental disclosure of user-provided symbols or query context to third-party APIs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal