Grid Trading Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a crypto trading bot that asks for Binance credentials and promotes automated fund-affecting behavior without enough live-trading safeguards or clear scoping.

Review carefully before installing. Do not provide real Binance keys or use real funds unless you have independently reviewed the code, confirmed it is paper/testnet by default or intentionally live, disabled withdrawal permissions, limited API scope to the minimum needed, and set clear stop-loss, max-exposure, and manual-approval controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README promotes automated trading features such as dynamic adjustment, auto-rebalancing, trend-based pausing, and auto-compounding, all of which can directly affect user funds, but it does not provide a clear warning about financial loss, execution risk, exchange/API risk, or the consequences of automation. In a trading skill, omission of these warnings can mislead users into enabling capital-affecting automation without informed consent, increasing the chance of unexpected losses.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal