Back to skill

Security audit

Trading Signal

Security checks across malware telemetry and agentic risk

Overview

This is a read-only crypto signal lookup skill, but users should treat its outputs as risky market data rather than investment advice.

Install only if you want an agent to query Binance Web3 smart-money signal data. Do not treat buy/sell signals, max gain, or exit rate as personalized financial advice or proof that a trade is safe; independently verify token risks, liquidity, timing, and your own suitability before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill explicitly says to use it when users are looking for investment opportunities, which is overly broad routing guidance for a high-risk financial domain. That can cause the agent to invoke the skill for generic investing queries and surface speculative token signals without adequate suitability checks, increasing the chance of unsafe financial recommendations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The overview describes the signals as helpful for tracking professional investors but does not warn that the output is unverified market intelligence and not investment advice. In a trading context, that omission makes misuse more likely because users may interpret signals, max gain, and exit rate as endorsement to buy or sell risky assets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.