Crypto Arbitrage

Security checks across malware telemetry and agentic risk

Overview

This crypto trading skill warrants careful review: it markets live arbitrage automation while its code uses simulated prices and simulated executions, and its disclosure of credential handling and auto-execution is weak.

Review carefully before installing. Treat it as a simulator/demo unless the publisher clearly documents real exchange integrations and safety controls. Do not provide real exchange API secrets or enable auto-execution with live funds. If testing, use sandbox/testnet keys, disable withdrawals, set tight capital limits, and verify provenance first.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill documents use of API keys, exchange secrets, and environment-backed credentials while declaring no permissions. That mismatch can cause users or platforms to grant implicit trust without understanding that sensitive secrets are being handled, stored, or accessed. In a financial trading skill, hidden credential handling materially increases the risk of account compromise or unauthorized trading.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The documented behavior materially differs from the described purpose and includes sensitive credential handling, extra analytics/history features, and claims of real-time execution despite evidence of simulated data/execution. This kind of overclaiming or misleading documentation is dangerous because users may trust the tool with live exchange credentials and capital under false assumptions about what it actually does. In an automated trading context, misrepresentation can directly lead to financial loss and unsafe operational decisions.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The README encourages users to supply exchange API keys and enable automatic trade execution, but it does not clearly warn how credentials are stored, transmitted, scoped, or protected. In a financial-trading skill, that omission can cause users to grant overly broad permissions or mishandle secrets, increasing the risk of account compromise, unauthorized trading, or fund loss if the skill or environment is unsafe.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill exposes configuration to enable automatic trading and sets enabled=true by default inside configureAutoExecute, with no mandatory interactive confirmation, kill switch, or proof-of-consent at execution time. In a financial trading skill, autonomous live order placement can cause immediate irreversible monetary loss if triggered by bad data, logic errors, stale opportunities, or misuse by a caller.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
executeArbitrage supports dryRun=false and then performs live trade execution logic without any embedded user disclosure, confirmation gate, or policy check that the caller is authorized for irreversible financial actions. In the context of a crypto arbitrage executor, this is especially dangerous because trade execution is time-sensitive, costly, and can rapidly consume capital across exchanges.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (excerpt from the skill's documentation):
### ⚡ Auto-Execution
- One-click arbitrage execution
- Configurable auto-execute thresholds
- Smart order routing
- Partial fill handling
- Failed trade recovery
Confidence: 88%
Finding (matched term):
auto-execute

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (excerpt from the skill's documentation):
| `minProfit` | number | 0.5 | Minimum profit % to consider |
| `maxCapital` | number | 10000 | Max capital per trade |
| `scanInterval` | number | 1000 | Scan interval in ms |
| `autoExecute` | boolean | false | Enable auto-execution |
| `riskProfile` | string | 'moderate' | Risk tolerance |

---
Confidence: 87%
Finding (matched term):
autoExecute

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (excerpt from the skill's documentation):
### Execution
- `executeArbitrage(opportunityId, options)` - Execute arb
- `configureAutoExecute(config)` - Setup auto-execute
- `cancelOrder(orderId)` - Cancel pending order
- `getExecutionStatus(executionId)` - Check execution status
Confidence: 89%
Finding (matched term):
AutoExecute

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (excerpt from the skill's documentation):
### Execution
- `executeArbitrage(opportunityId, options)` - Execute arb
- `configureAutoExecute(config)` - Setup auto-execute
- `cancelOrder(orderId)` - Cancel pending order
- `getExecutionStatus(executionId)` - Check execution status
Confidence: 89%
Finding (matched term):
auto-execute

VirusTotal

63/63 vendors flagged this skill as clean.