Security audit

Cue Us Research

Security checks across malware telemetry and agentic risk

Overview

This appears to be a finance research helper with a broad trigger, but there is no evidence of hidden, destructive, or credential-stealing behavior.

Install only if you want the agent to help with US market and company research. Prefer explicit prompts such as asking it to run the research skill, and review any generated finance or trading output as research, not professional financial advice or an instruction to trade.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger list is broad and overlaps with common finance topics such as US equity research, macro, company analysis, and trading. In an agent environment, vague activation boundaries can cause the skill to activate in situations the user did not clearly request, leading to unintended execution paths such as prompting for credit-consuming research or steering the workflow toward external tooling.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal