腾讯自选股数据工具
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent public stock-market data helper, with the main caveat that it runs a pinned third-party npm CLI at use time.
Install only if you are comfortable with a skill that runs a pinned npm CLI to fetch public market data. In sensitive or production environments, review or sandbox `westock-data-clawhub@1.0.4` and verify the package integrity before use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.