Hk LeETF

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only ETF analysis skill; its market-data use and local analysis-log reference fit its stated purpose, though users should handle financial logs carefully.

Install only if you are comfortable with the agent fetching current market/ETF data and using the referenced local project/log locations. Keep credentials, brokerage session data, private trading strategies, and sensitive portfolio details out of those logs, and independently verify any financial recommendation before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly describes fetching external market data and references a local analysis log directory, but it does not disclose these behaviors to the user or define limits on what may be accessed or stored. In an agent context, undisclosed external access and local persistence can expose sensitive environment information, create privacy concerns, and cause users to unknowingly permit data collection or retention.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal