Send to FMZ

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for FMZ trading, but it can trigger real trading signals with weak default scoping and no clear confirmation guardrails.

Review carefully before installing. Use only with a test or paper-trading FMZ robot until configured, replace the default UUID with your own secret, avoid broadcast node_id 0 unless intentionally targeting all robots, and require manual approval before any buy, sell, or close signal reaches a live account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This skill is specifically designed to transmit actionable buy/sell/close signals to a live trading platform, yet the description provides no warning that using it may trigger real financial actions. In context, this is more dangerous than generic outbound HTTP because mistakes, prompt injection, or misuse could directly cause financial loss through automated trading.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal