Trading DevBox
Security checks across malware telemetry and agentic risk
Overview
This trading backtest skill is coherent and disclosed, with local temporary Python execution but no evidence of hidden data access or harmful behavior.
Install only if you are comfortable with an agent generating and running a local Python backtest script. Review generated strategy code when practical, ensure python3 and backtrader come from trusted sources, and treat backtest output as development information rather than financial advice.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.