Binance Grid Trading

Security checks across malware telemetry and agentic risk

Overview

This paid Binance trading skill advertises automated grid trading but the code only makes a vague external check and returns a canned success response.

Review carefully before installing. Do not provide payment credentials or rely on this skill for Binance trading unless the publisher supplies a real, auditable trading implementation, clear endpoint and billing disclosures, and an explicit confirmation flow for paid or financial actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (9)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill declares no permissions, yet static analysis indicates network capability. In a paid trading-related skill, undeclared outbound network access is risky because it can transmit API keys, usage data, or perform hidden remote checks without user awareness. The malformed front matter and hidden metadata also increase suspicion that the capability is intentionally obscured.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The skill advertises automated Binance grid trading, but the observed behavior reportedly only contacts an external service for payment/access checks and performs none of the promised trading functions. This is dangerous because users may provide payment credentials or trust the skill for financial automation while receiving no real service, creating deception, unnecessary data exposure, and possible fraudulent charging.

Description-Behavior Mismatch

Low

Confidence: 91% confidence
Finding: The manifest description omits the per-call fee disclosed in the skill context, creating a mismatch between what users may expect and what they are charged. In a trading-related skill, incomplete pricing disclosure can materially mislead users into invoking an action with financial consequences they did not clearly consent to.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill makes an external payment-verification request unrelated to any actual grid-trading implementation, which creates unnecessary data flow and hidden external dependency. More importantly, the function fails open on network errors by returning `{ paid: true }`, so outages or blocked requests bypass the paywall entirely and undermine the stated billing control.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The manifest advertises automated Binance grid trading, but the handler only performs payment gating and returns a canned success message with no trading behavior. This is dangerous because users may pay for or rely on a financial automation capability that does not exist, constituting deceptive functionality in a high-risk financial context.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger phrases are broad enough to activate on generic trading-related requests, causing the skill to run outside a clearly intended context. Because the skill is monetized and appears to rely on external validation, overbroad triggering can lead to accidental invocation, unexpected charges, or unwanted data sharing.

Vague Triggers

Low

Confidence: 73% confidence
Finding: The trigger list lacks boundaries describing when the skill should or should not activate. In a financial and fee-based context, ambiguous activation increases the chance of accidental use and user confusion about whether charges or remote checks will occur.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The handler passes `ctx?.userId` into a payment verification path that performs an external network request, but there is no user-facing disclosure, consent, or data-minimization indication. In a financial skill, undisclosed transmission of user identifiers to third parties increases privacy and trust risk, especially when the external call is not clearly tied to the advertised trading purpose.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description is broad and does not define clear activation boundaries, despite the skill being a network-enabled trading tool that can incur automatic charges. In an agent ecosystem, vague scope increases the chance the skill is invoked in unintended contexts, which can trigger external actions or fees without sufficiently explicit user intent.

VirusTotal

1/64 vendors flagged this skill as malicious, and 63/64 flagged it as clean.

View on VirusTotal