Earnings and Financial Release Countdown

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent earnings-reminder helper, with some scheduling and privacy caveats users should confirm before enabling.

Before installing, confirm the ticker, timezone, delivery chat, and daily reminder time. Be aware this creates a recurring reminder that runs other finance skills until earnings day, so cancel it if the schedule or destination is wrong.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs the agent to auto-detect and pass channel and chatId from session context into reminder creation without an explicit user-facing disclosure or confirmation. This creates a privacy and consent risk because reminders may be scheduled against a communication destination the user did not knowingly approve, and exposes internal routing identifiers to downstream tooling.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: Defaulting to Europe/Paris when the user does not provide a timezone can cause reminders to fire at unintended local times. While not a classic security exploit, this is a consent and integrity issue because the system may take action on the user's behalf using an assumed locale they did not choose.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal