Crypto Alpha Daily Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto-news summarization skill with expected use of external APIs and credentials, and no evidence of hidden code, exfiltration, destructive actions, or privileged persistence.

Install only if you are comfortable providing API keys and sending crypto-news queries or article content to external AI/news providers. Keep posting or trading actions manual unless you add and review separate integrations with explicit approval, rate limits, and compliance checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly states it fetches crypto news from external APIs, but it does not warn users that prompts, topics, configuration values, or other request data may be transmitted to third-party services. This creates a transparency and privacy risk because users may supply sensitive trading interests, API keys, or internal context without understanding that external providers will receive related data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal