CAI: gtrade-with-cai

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent, but it enables real-money leveraged crypto trading with broad API authority and unclear user-level limits.

Only install this if you understand that an enrolled agent may place leveraged crypto trades that can lose money. Use the narrowest CAI API scope available, verify the actual server-side dollar caps before enabling it, start with very small trade sizes and low leverage, and confirm how to revoke enrollment or rotate the API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill enables real-money custodial trading and explicitly notes that v1 has no per-user limit UI, yet it does not prominently warn about financial loss, liquidation, leverage risk, or the practical consequence that users may be relying solely on server-side caps. In a trading-automation context, omitting these disclosures can lead users to authorize risky actions without understanding their loss boundaries. That makes this a meaningful safety and security weakness even though it is not an exploit in the traditional software sense.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal