my skill

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only stock quote and technical analysis skill whose web access is consistent with its stated purpose.

Before installing, understand that stock queries will require contacting Eastmoney over the network and may expose the queried stock codes to that site. Use the output as informational analysis, not financial advice, and keep query volume modest to respect provider limits and reduce breakage risk from page-structure changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill explicitly instructs the agent to access Eastmoney live market pages and navigate to external URLs, but it does not disclose that user requests will trigger outbound network access to a third-party site. This creates a transparency and privacy issue: user-provided stock queries and session metadata may be transmitted externally without clear notice or consent, even though the target domain appears legitimate.

VirusTotal

41/41 vendors flagged this skill as clean.

View on VirusTotal