Back to skill

Security audit

01-exchange-skill(not official)

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only 01.xyz trading skill with no hidden executable behavior, but its examples can affect real crypto funds if used on mainnet.

Install only if you intend to build against 01.xyz/N1. Verify the npm packages and endpoints from official sources, use devnet first, keep the local signing API on your own machine, use a dedicated low-balance wallet, and require explicit confirmation before any order, withdrawal, deposit, or position-closing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The `disarm()` method logs that trading is resumed, but it sets `this.armed = false`, the same state used after emergency shutdown. This contradictory behavior can disable the kill switch when an operator believes they are safely resuming or re-arming protections, creating a dangerous false sense of safety in a live trading/risk-management system.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation provides direct examples for placing market/limit orders, closing positions, deposits, withdrawals, and bulk position execution against mainnet endpoints without prominent warnings that these actions can affect real funds. In an agent-skill context, such examples can be copied or automated by downstream agents or users, increasing the risk of unintended live trading or loss of assets.

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.