Nautilus Trader

Security checks across malware telemetry and agentic risk

Overview

This is a real-money trading skill whose main purpose is disclosed, but it includes runnable mainnet examples that can place trades or change leverage without strong warnings or confirmation gates.

Install only if you intend to work with live algorithmic trading. Treat every live example as capable of using real funds. Review is_testnet settings, trade sizes, symbols, margin mode, and leverage before execution, and never commit or share .env files or private keys.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (650)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This markdown file includes concrete instructions for live trading on Hyperliquid mainnet, loading a private key from environment variables, running a trading node, and updating leverage on a real exchange. While the file describes how to perform these actions, it does not include a clear warning that these steps can place real trades, use real funds, or cause irreversible financial loss.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This markdown file instructs users to export `HYPERLIQUID_PK` and even place it in a `.env` file, which involves handling highly sensitive wallet credentials. The surrounding documentation does not include a warning about protecting the key, avoiding committing `.env` files, or the financial risk of exposing mainnet credentials.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document states that the fix enables live mainnet trading and later provides a leverage-setting example and filled mainnet trades, but it does not prominently warn that these actions affect real funds and can create losses. For markdown guidance that can impact user assets and system integrity, an explicit caution is expected.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This markdown file documents several behaviors that can modify or remove persisted data, including overwriting existing files, renaming parquet files, and deleting data ranges. Under SQP-2 for markdown files, descriptions should warn users when behavior could affect user data or system integrity, but these sections present the operations functionally without any cautionary disclosure about irreversibility or backup considerations.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This markdown file applies to SQP-2, and it describes live trading as deploying strategies in a real-time environment with no code changes. Because the document discusses behavior that can directly affect user funds and system integrity, it should include an explicit caution that live trading can place real orders and incur real financial loss, rather than only describing operational differences.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The markdown embeds code that reads BINANCE_FUTURES_TESTNET_API_KEY and BINANCE_FUTURES_TESTNET_API_SECRET from environment variables, which is sensitive credential usage. Although using environment variables is common, the surrounding documentation does not explicitly warn readers to protect these secrets, avoid logging them, and prefer testnet or least-privilege credentials.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This markdown file documents providing API credentials through environment variables or directly in configuration, but it does not explicitly warn that passing secrets directly in config is unsafe outside controlled contexts. Because the file contains operational guidance for live trading integrations, a clearer user-facing warning about secret handling would reduce the risk of accidental credential exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The Tardis example demonstrates injecting an API key directly on the command line via an environment variable. While operationally common, the markdown does not warn users that inline secrets can be visible in shell history, CI logs, or process inspection, creating avoidable exposure risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Binance example includes api_key and api_secret fields inline in a configuration block. Even though placeholder values are used, the markdown lacks an explicit warning that users should not store live credentials directly in source-controlled configuration files, which can normalize unsafe secret handling.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The BitMEX examples demonstrate passing API credentials directly into configuration objects. Although the text mentions environment variables are recommended, the example itself still models direct secret placement and lacks a prominent warning about source control, logs, and config leakage risks.

Missing User Warnings

High
Confidence
95% confidence
Finding
This section instructs users to set wallet keys in environment variables, run scripts that set token allowances, and generate API credentials, but it does not provide a clear safety warning about the sensitivity of private keys or the financial impact of overbroad approvals. Because these actions affect blockchain funds and contract permissions, stronger disclosure is warranted.

Missing User Warnings

High
Confidence
94% confidence
Finding
The markdown tells users they can provide wallet_address and mnemonic values to configuration objects or environment variables, but it does not explicitly state that mnemonics are high-sensitivity recovery secrets that can fully compromise funds. In a trading integration context, omitting that warning may lead users to handle these secrets too casually.

Missing User Warnings

Low
Confidence
78% confidence
Finding
This markdown describes a self-contained dockerized notebook server and notes that deleting the container will also delete any data. Because the workflow affects user data persistence, it should include a clearer warning about ephemeral storage and recommend persisting volumes or backing up work before use.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The quickstart tells users to download sample data and set it up locally, and the embedded example later writes files into a local catalog directory. For a getting-started guide, there is no explicit warning that the step performs network retrieval and local filesystem writes, which may matter in restricted or sensitive environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This markdown file describes deploying a strategy live on Hyperliquid mainnet, which can affect user funds and account state. Although it mentions 'mainnet' and shows executable trading setup, it does not include a clear warning about financial risk or irreversible live order placement, or a recommendation to validate on testnet/paper first.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The markdown instructs users to place a Hyperliquid private key in a local .env file, which is sensitive credential material. While the file later notes '.env' is gitignored, there is no direct warning here about the risk of exposing the private key, restricting file permissions, or avoiding sharing/logging it.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The markdown provides a one-time setup example that sets 10x leverage on a live trading venue. Changing leverage is a safety-critical account action, and the section does not warn users about the amplified risk, liquidation exposure, or advise confirming account settings before execution.

Missing User Warnings

High
Confidence
96% confidence
Finding
This section is a runnable live-trading example configured with is_testnet=False and a call to node.run(), which can immediately begin trading with real credentials. The description does not provide a strong user-facing warning that executing this example may place live orders and alter account positions without further confirmation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This code accesses the sensitive environment variable HYPERLIQUID_PK and derives an account object from it, but the only surrounding docstring says it initializes the SDK connection and does not warn that a private key is being consumed. Under the code-file criteria, sensitive credential access should have some visible disclosure such as an explanatory comment, docstring, or user-facing message.

Missing User Warnings

High
Confidence
95% confidence
Finding
The call to exchange.order submits order data to the Hyperliquid exchange, which is a safety-critical network operation that can affect user funds, but this file provides no explicit warning beyond technical patching text. The print statement only announces that a patch was applied, not that live orders may be transmitted to mainnet.

Missing User Warnings

High
Confidence
89% confidence
Finding
Importing this module immediately invokes apply_hyperliquid_patch(), which rewires order submission behavior and can lead to external trading actions later without any confirmation step. For a code file performing safety-critical behavior changes, automatic activation without a clear warning increases the risk of unintended execution.

Missing User Warnings

High
Confidence
96% confidence
Finding
This code file places a market buy order in `_place_test_order()` and calls `submit_order(order)` automatically on the first bar, which is a safety-critical operation. Although there is a log message after submission, there is no prior confirmation prompt or clear user-facing warning in the file that running this example will execute a real live trade.

Missing User Warnings

High
Confidence
91% confidence
Finding
The execution client is configured with `private_key=pk` and `is_testnet=False`, enabling real mainnet trading with sensitive credentials. The file lacks a clear warning near this configuration that running it will use the supplied private key to place live orders.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This markdown file contains user-facing guidance to pass Interactive Brokers credentials directly or via environment variables, and nearby examples show literal username/password fields. Although environment variables are mentioned, there is no explicit warning not to commit secrets, share logs, or hardcode real credentials in code and config examples.

VirusTotal

66/66 vendors flagged this skill as clean.
