A Stock Pattern Review

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide market or trading analysis, with broad trigger wording but no evidence of hidden access, persistence, or automatic financial actions.

Before installing, consider whether you want broad market-analysis terms to activate this skill automatically. Treat any trading or investment analysis as informational, verify data independently, and avoid acting on generated plans without explicit review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are broad, common conversational terms such as '复盘', '盘面分析', and '资金流向', which can easily appear in ordinary discussion and cause unintended activation. In this skill’s context, misfires could lead the agent to provide unsolicited trading-analysis guidance or structure responses around speculative financial decision-making when the user did not explicitly request this skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal