Liberfi Perpetuals

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto trading skill, but it asks for persistent account access and a silent global CLI install while under-scoping consent for sensitive account reads.

Install only if you trust LiberFi and its CLI. Verify or install the CLI yourself, confirm which LiberFi account and wallet the agent is using before viewing private trading data, know how to revoke the agent login, and never approve deposits, order submissions, or cancellations unless the amount, recipient, market, side, size, and fees are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
These instructions tell the agent to silently authenticate, resolve the user's server-managed wallet address, and query positions/orders/fills without explicit disclosure or consent at runtime. That creates a hidden identity-resolution and account-access flow that can surprise users and expose sensitive financial account data tied to the authenticated session.

Ssd 3

Severity: Medium
Confidence: 92%
Finding:
The skill repeats a hard requirement to auto-resolve the user's TEE EVM address and forbids asking the user, reinforcing a covert retrieval pattern for personally linked wallet identity. In a financial context, silently binding 'my positions' to a hidden server-managed wallet increases privacy and authorization risk if sessions are stale, shared, or misunderstood.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
The step-by-step 'My...' autoflow operationalizes hidden login, identity lookup, and personal-history queries, making unauthorized or non-transparent access easier to reproduce. Because the queried data includes trading history and PnL-related information, misuse could disclose sensitive financial behavior to someone interacting through an already-authenticated agent session.

VirusTotal

64/64 vendors flagged this skill as clean.