Tencent Finance Stock Price

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward stock quote skill that sends requested ticker symbols to Tencent Finance and displays the results.

Install only if you are comfortable with ticker symbols you query being sent to Tencent Finance over an unencrypted HTTP request. Do not rely on this as the sole source for financial decisions, and no credential or local-data access was found in the reviewed artifacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill performs outbound network access to query Tencent Finance but does not explicitly declare that capability in its permissions/metadata. This creates a transparency and policy-enforcement gap: users or hosting platforms may not realize the skill sends data externally, and permission systems cannot properly mediate or audit that behavior.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal