Back to skill

Security audit

Lighter

Security checks across malware telemetry and agentic risk

Overview

This Lighter trading skill is purpose-aligned, but it can place live mainnet trades with signing credentials without a built-in confirmation or dry-run safeguard.

Install only if you intentionally want an agent or scripts to access a Lighter account. Use read-only flows by default, verify and pin the external Lighter SDK before trading, use a burner or limited-permission account where possible, keep keys out of logs, and require your own manual confirmation before running any live order command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares required environment variables and directs users to make network calls, but it does not explicitly declare permissions for those capabilities. This weakens transparency and policy enforcement: a user or platform may underestimate that the skill can access credentials and interact with external services, including authenticated account endpoints.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The document states that execution paths must require `confirm=true`, but the live trading example immediately broadcasts a signed transaction via `sendTx` with no confirmation gate or documented safeguard. In a trading skill, this mismatch can cause unintended irreversible order placement if an agent or user follows the example literally, especially because signed transactions are the final execution step.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill is specifically for trading on a live DEX and references signed transaction flows, API keys, market orders, and account management, but it does not prominently warn that actions may place real, irreversible orders with financial loss risk. In this context, insufficient risk disclosure is more dangerous because users may treat examples and guidance as safe defaults and unintentionally execute live trades.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This script is hardwired to a mainnet endpoint and immediately submits orders with no explicit confirmation, simulation, or dry-run safeguard. In an agent skill context, this increases the chance of accidental real trades and irreversible financial loss from mistaken parameters or autonomous invocation.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The code reads a sensitive trading credential from the environment without any user-facing disclosure about the scope of that credential or the risks of using it in automation. While environment-variable access is common, in a trading skill this can lead users or calling agents to unknowingly expose or misuse a credential capable of placing real orders.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.