Headless Crypto trading for agents

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for crypto trading, but it can use wallet private keys to make real on-chain trades without strong confirmation or spending-limit safeguards.

Review carefully before installing. Use only a dedicated low-balance trading wallet, never a primary wallet; run simulations or testnet first; pin and audit dependencies; require explicit approval, token allowlists, max trade sizes, loss limits, and a stop mechanism before allowing any automated strategy to trade live.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill documents use of environment variables and network/RPC access but does not declare corresponding permissions. In an agent setting, undeclared capabilities reduce transparency and can cause the skill to access secrets or external endpoints without an explicit trust boundary, which is risky for a finance-related skill handling wallets and trading operations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 83%
Finding:
The CLI automatically pulls private keys from environment variables when the caller does not provide one explicitly, giving the script implicit access to highly sensitive secrets. In an agent setting, this increases blast radius because a simple swap command can trigger secret use without an explicit secret-passing step or user awareness.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
This skill enables real blockchain trades and references private keys, swaps, and portfolio actions, but it does not place a prominent warning that actions can move real funds irreversibly. In a headless autonomous trading context, lack of explicit risk disclosure increases the chance that an agent or user triggers live trades under the assumption they are reversible or low risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The automated strategy examples show unattended loops and scheduled execution that can place trades based on market conditions, yet they omit a clear warning that these patterns can execute repeatedly without further confirmation and directly affect user funds. In an autonomous agent skill focused on trading, this materially raises the risk of unintended or excessive losses from bad parameters, bugs, market volatility, or compromised inputs.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The document provides copyable approval and swap examples that directly authorize token spending and broadcast fund-moving transactions, but it does not clearly warn that approvals can grant broad spending rights and swaps are generally irreversible once submitted. In a headless autonomous trading skill, this omission is more dangerous because agents may execute these flows without a human review step, increasing the chance of accidental loss, excessive approvals, or bad trades.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The documentation explicitly instructs users to build, sign, and send a swap transaction on a live blockchain without a clear warning that this moves real funds, incurs fees, and is generally irreversible once confirmed. In a headless autonomous trading skill, omission of these warnings is more dangerous because downstream agents may operationalize the steps automatically without human review.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The example code connects to Solana mainnet and calls send_transaction without any visible guardrails, confirmation step, simulation, or warning that the transaction can spend real assets. In the context of an autonomous trading skill, copy-paste or agent reuse of this example could directly trigger unintended on-chain trades and fee expenditure.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The file provides multiple ready-to-run strategies that execute live token swaps in loops and on schedules, but it does not prominently warn that these examples can spend real user funds, incur losses, or trigger repeated trades if left running. In the context of a headless autonomous trading skill, this omission increases the chance that an agent or user treats the examples as safe defaults and causes unintended financial loss.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The Solana flow sends wallet-derived data to the Jupiter API as part of constructing a swap transaction, but there is no user-facing warning or consent checkpoint at the moment of transmission. In a headless autonomous trading skill, undisclosed outbound transmission tied to a wallet is more sensitive because agents may act without a human noticing exactly what wallet data is being shared externally.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The BNB path signs and broadcasts a real on-chain transaction immediately, with no pre-execution confirmation, policy check, or mandatory dry-run. In an autonomous headless trading context this is especially risky, because any upstream prompt/agent mistake can directly cause irreversible asset movement and gas expenditure.

VirusTotal

66/66 vendors flagged this skill as clean.
