FX Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Bank of China exchange-rate monitor that fetches public FX data and stores a small local history file, with some usability and setup cautions.

Before installing, confirm the script path matches your actual skill installation path. If you ask it to configure cron, review the exact cron entry first, make sure it only manages this FX monitor, and ask for English or another language if Chinese alerts are not suitable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The skill hard-codes Chinese-only output behavior for alerts and errors, overriding normal user-language preference and reducing user control over responses. This is primarily a policy and UX issue, but it can also cause misleading or unusable output for users who cannot read Chinese, especially in failure or alert conditions.

Natural-Language Policy Violations

Medium
Confidence: 79%
Finding
The skill description mandates generating a Chinese FX alert message without indicating that the user can choose another language. This constrains agent output in a way that may conflict with user expectations or accessibility needs, though it does not by itself create direct code-execution or data-exfiltration risk.

VirusTotal

66/66 vendors flagged this skill as clean.
