CAI: ostium-with-cai

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed CAI/Ostium trading skill with real financial risk, but the artifacts are coherent and do not show hidden, deceptive, or unrelated behavior.

Install only if you intend to let an agent use your CAI account for live Ostium trading. Use the narrowest CAI API scope available, understand that leveraged perps can lose funds and incur fees or gas costs, and require explicit confirmation before any place or close trade action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill enables real custodial trading actions, including opening and closing leveraged perpetual positions and moving user funds, but it does not present a clear, explicit warning that these actions are financially binding and can cause loss of funds. In an agent-executed context, this omission increases the risk of users authorizing or triggering high-impact actions without fully understanding that live trades and custody-managed transfers will occur.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal