Security audit
Cryptocurrency and Precious Metals Monitoring (Domestic Sources)
Security checks across malware telemetry and agentic risk
Overview
This price-monitoring skill does what it claims, but it uses an insecure metals data path that can be tampered with and then reused unsafely by the script.
Review before installing. Use it only as a non-authoritative price reference, not for trading decisions. Prefer a fixed version that uses HTTPS for all data sources, validates all prices as numeric before use, and has consistent package metadata.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
