Back to skill

Security audit

Coinbase

Security checks across malware telemetry and agentic risk

Overview

This is a text-only crypto governance guidance skill with no evidence of account access, code execution, credential handling, trading, or persistence.

Install only for general crypto custody and governance guidance. Treat it as unaffiliated educational material, not official Coinbase support or regulated financial, legal, or tax advice, and do not provide wallet secrets, exchange passwords, API keys, seed phrases, or other sensitive credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase at line 35, "how should I structure crypto holdings", is broad enough to match many ordinary finance or portfolio-management requests outside a narrowly scoped Coinbase or custody-governance context. Overbroad activation can cause the skill to be invoked unexpectedly, steering users into specialized crypto guidance when they did not explicitly request it and increasing the chance of misleading, off-target, or compliance-sensitive advice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.