Back to skill

Security audit

Quant Testing

Security checks across malware telemetry and agentic risk

Overview

This is a checklist/template skill for quantitative strategy testing, with no executable code, dependencies, credential access, or hidden runtime behavior.

Reasonable to install if you want a quantitative testing checklist. Be aware that generic trigger words may make it appear in unrelated conversations, and independently review any live-trading or real-money testing decisions before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger list contains very broad terms such as “测试”, “上线”, and “发布”, which are common in many unrelated conversations. This can cause the skill to activate unintentionally and inject testing or deployment guidance into contexts where it was not requested, increasing the chance of workflow confusion or unsafe automation around release decisions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.