7d Stock Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a user-run stock analysis tool with disclosed dependencies and API-key use, but its investment conclusions are partly placeholder-style and should not be relied on as financial advice.

Install it in a controlled Python environment, review the third-party packages you are adding, protect any QVeris API key you provide, and treat the generated ratings as rough informational output rather than trading instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The code claims it must aggregate prior analyses, but instead returns fixed scores, ratings, and recommendations regardless of input or upstream results. In a stock-analysis skill, this can mislead users into treating fabricated investment conclusions as data-driven output, creating integrity and trust risks and potentially harmful financial decisions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal