A股-加密货币-定时早报-多维度指标全方位分析-安装即用无复杂配置-自带验证降低幻觉

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed market-analysis helper with optional data-fetching scripts, not an automated trading or data-exfiltration tool.

Install only if you want a structured A-share and crypto research assistant. Treat outputs as research, not investment advice; review the Python dependencies before running helper scripts; expect outbound calls to market-data providers; and use a low-risk CryptoPanic token only when news fetching is needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: # Install deps subprocess.check_call([str(py), "-m", "pip", "install", "-U", "pip"]) subprocess.check_call([str(py), "-m", "pip", "install", "-r", str(req)]) print("ok") print(f"venv: {venv_dir}")
Confidence: 79% confidence
Finding: subprocess.check_call([str(py), "-m", "pip", "install", "-r", str(req)])

Tainted flow: 'url' from os.getenv (line 573, credential/environment) → requests.get (network output)

Critical

Category: Data Flow
Content: f"auth_token={token}&public=true&currencies={base_symbol}&kind={kind}" ) try: resp = requests.get(url, timeout=10) except requests.RequestException: raise RuntimeError("CryptoPanic request failed") from None
Confidence: 94% confidence
Finding: resp = requests.get(url, timeout=10)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger list is very broad and overlaps with ordinary finance discussion, making accidental invocation plausible. In an agent environment, unintended activation can change system behavior, cause irrelevant market-analysis prompts to override user intent, or unnecessarily route sensitive user content into a skill with strong output constraints.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description says to 'immediately load this skill' for a very broad set of common finance-related phrases, which can cause the skill to activate in contexts where the user did not intend tool-backed market analysis. Overbroad auto-triggering is dangerous because it can expand the skill's reach to more conversations, increasing the chance of unnecessary network calls, script execution, or disclosure of trading-style advice in the wrong context.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The when-to-use section relies on generic keyword mentions like 行情, 策略, 个股, 币对, and similar English finance terms, without requiring clear contextual constraints. In a shared agent environment, ambiguous keyword-driven routing can misfire on incidental mentions, causing the model to adopt this skill's rigid instructions and potentially invoke external resources unnecessarily.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill performs credential-bearing outbound requests to a third-party service using a user-supplied environment token, but there is no user-facing disclosure at the call site or runtime that the token will be transmitted off-box. In an agent skill context, this matters because users may not realize that enabling optional news functionality causes external API use with their credential.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal