Back to skill

Security audit

crypto-watch-skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto market-data analysis skill with external API calls and trading-style guidance, but no evidence of credential theft, trade execution, exfiltration, or destructive behavior.

Install only in an isolated Python environment, consider pinning dependencies, and be aware that market queries are sent to public data providers. Treat leverage and trading-plan outputs as educational analysis, not financial advice, and avoid providing wallet keys, exchange API keys, or authority to trade.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The module and function context present this code as 'pure computation' with no side effects, but analyze_all_assets creates a directory and writes results to disk. In an agent skill, undocumented filesystem writes are a real security concern because they can leak sensitive market inputs, create unexpected persistence, and violate sandbox or user expectations even without network access.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The top-level docstring says the module is 'pure computation' and implies no side effects beyond external data provision, but the implementation writes JSON output files. This mismatch is dangerous in agent environments because downstream systems or reviewers may trust the documentation and allow the skill in contexts where disk writes are not expected or permitted.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document gives prescriptive trading guidance that explicitly encourages increasing leverage when ATR% is low and reducing it when volatility is high, but it provides no risk disclosure, suitability checks, or safeguards. In the context of a crypto market-analysis skill that the agent must use for trading-related queries, this can be surfaced to end users as actionable financial advice and may encourage unsafe leveraged trading behavior.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.0.0
numpy>=1.24.0
requests>=2.31.0
urllib3>=2.0.0
Confidence
94% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.0.0
numpy>=1.24.0
requests>=2.31.0
urllib3>=2.0.0
Confidence
94% confidence
Finding
numpy>=1.24.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.0.0
numpy>=1.24.0
requests>=2.31.0
urllib3>=2.0.0
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.0.0
numpy>=1.24.0
requests>=2.31.0
urllib3>=2.0.0
Confidence
95% confidence
Finding
urllib3>=2.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
72% confidence
Finding
requests

Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more

High
Category
Supply Chain
Confidence
76% confidence
Finding
urllib3

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.