Gemini Chat .Md Converts

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a Solana arbitrage tool, but the bundle includes unrelated high-risk trading, browser-stealth, and remote-command instructions that users should review carefully.

Do not install this as a normal Solana arbitrage skill unless the package is cleaned and republished with only purpose-matched files. At minimum, remove unrelated AGENTS/GEMINI transcripts, Pocket Options and stealth-browser content, Telegram remote-shell/C2 snippets, broad agent-hub instructions, and any private-key or cron guidance that is not explicitly required and user-controlled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (95)

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The file’s contents describe a Pocket Options binary-options bot with Martingale and browser automation, which materially conflicts with the declared Solana funding-rate arbitrage skill. This kind of identity mismatch is dangerous because it can mislead operators, reviewers, or downstream agents into enabling unrelated high-risk trading and automation behavior under false pretenses.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: Stealth browser techniques and anti-detection guidance are not justified by a Solana perp funding arbitrage scanner/trader, which should interact with APIs, SDKs, or on-chain infrastructure rather than evade website detection. Their presence suggests concealed automation against third-party platforms and increases the risk of abusive behavior, account bans, or hidden unauthorized actions.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The documented handling of Pocket Options credentials is unrelated to the declared Solana arbitrage use case and indicates the skill may collect or use credentials for a different external trading platform. In context, this is dangerous because users may provide sensitive account secrets to an unexpectedly unrelated system, enabling account compromise or unauthorized trading.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The introductory documentation explicitly frames the project as a Pocket Options Martingale bot, directly contradicting the declared Solana funding-arbitrage identity. This deceptive presentation increases the likelihood of supply-chain abuse, because reviewers may approve or invoke a skill for one purpose while it is actually intended for another, riskier activity.

Description-Behavior Mismatch

High

Confidence: 96% confidence
Finding: The file content is materially inconsistent with the declared skill purpose: instead of funding-rate arbitrage logic or operating instructions, it contains generic Agave/Solana validator coding guidance for a different project. In an agent skill, this kind of mismatch can mislead downstream agents, cause them to operate on the wrong codebase or assumptions, and conceal the actual behavior or provenance of the skill, which is a supply-chain and trust-boundary risk.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The statement 'All scanned and verified safe' is an unsubstantiated trust claim embedded in a security-relevant document. Per your instructions, such language is a red flag because it can bias operators or downstream agents into lowering scrutiny of skill packages without evidence, provenance, or a repeatable verification process.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The file is materially unrelated to the declared Solana funding-rate arbitrage purpose and instead contains personal dossiers, legal strategy, compromised-device notes, and remote-control instructions. This mismatch is dangerous because it can smuggle unauthorized operational behavior and adversarial prompt instructions into a skill that users would reasonably trust as a trading utility.

Context-Inappropriate Capability

Critical

Confidence: 99% confidence
Finding: The embedded Command-and-Control section describes a Telegram-driven remote shell with /exec support, which is unrelated to arbitrage scanning and enables remote command execution on the host. In skill context, this is especially dangerous because users may install or trust the package for trading, while it introduces a covert administration channel that could be used for full system compromise.

Context-Inappropriate Capability

Critical

Confidence: 100% confidence
Finding: The commander.py snippet directly concatenates user-supplied Telegram arguments into a shell command and executes them with shell=True, creating arbitrary command execution capability. This can be used to run any system command, exfiltrate secrets, install persistence, or pivot further into the environment.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The file materially expands the skill from a narrow Solana funding-rate arbitrage tool into a broad multi-agent trading and orchestration platform with persistent state, tasking, and cross-project coordination. This scope mismatch is dangerous because users or higher-level agents may grant permissions, trust, or automation authority based on the declared funding-arbitrage purpose while the embedded instructions and context enable much broader behavior.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The documented agent registry, messaging/tasks, and integrator-style coordination capabilities exceed what is necessary for a funding-arbitrage skill and create latent authority for broader autonomous actions. In the context of an auto-trading skill, unnecessary coordination features increase the blast radius of misuse, prompt injection, or operator misunderstanding by allowing the component to influence files, tasks, or other agents outside its stated role.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The file advertises flash loans, multi-DEX routing, spot/route arbitrage, and atomic execution features that are outside the stated funding-rate arbitrage scope and materially increase operational and financial risk. In a trading automation context, these capabilities can enable far more aggressive strategies than users expect, including leveraged or composable on-chain actions with larger loss potential and a wider attack surface.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The file content describes an AI agent networking/MCP hub with agent registration, inter-agent messaging, context sharing, task coordination, REST exposure, and blockchain tooling, which materially differs from the declared Solana funding-rate arbitrage skill. This kind of capability mismatch is dangerous because it can conceal broader system behavior than users expect, leading to unexpected network exposure, data sharing, or agent orchestration under the guise of a trading skill.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: General-purpose agent registry, inter-agent messaging, context sharing, and global task coordination are unjustified for a funding arbitrage skill whose expected scope is rate analysis and trade execution. Such excess capability expands the attack surface and creates opportunities for unauthorized tasking, lateral movement between agents, or misuse of shared context beyond the user's trading intent.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The file content is materially inconsistent with the declared skill purpose of Solana funding-rate arbitrage on Drift and Flash Trade. Instead, it presents a broader Solana engineering environment tied to 'Operation IRONCLAD,' high-leverage trading, and custom bot development, which suggests hidden or undeclared functionality and raises strong supply-chain and misuse concerns.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The references to Telegram C2 and remote DoorDash monitoring introduce unrelated remote-control and operational-surveillance context with no legitimate connection to a funding arbitrage skill. In a security review, such instructions are a red flag because they normalize covert command-and-control style workflows and suggest the skill may be embedding non-financial operational use cases.

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The document sends conflicting signals by calling the environment 'development only' while simultaneously associating it with live high-leverage trading and 'God-Bot' initiatives. This contradiction can cause unsafe operator assumptions, weaken deployment controls, and make it easier for risky or unreviewed code to move from testing into real trading environments.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: This content materially departs from the declared skill purpose of Solana perpetual funding-rate arbitrage and instead documents building a Pocket Option binary-options watcher/click bot. That mismatch is dangerous because it broadens the skill into high-risk browser automation and trading execution behavior that operators may not expect, increasing the chance of misuse, policy bypass, or accidental deployment of unrelated and risky automation.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The file further pivots into generic DeFi flash-loan arbitrage and smart-contract drafting, which is outside the stated Drift/Flash Trade funding-arbitrage use case. In a trading skill, hidden expansion into flash-loan and atomic-arbitrage guidance is dangerous because it enables development of powerful financial automation primitives that can be repurposed for abusive or noncompliant activity and defeats users' ability to understand the skill's real capabilities.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The markdown explicitly plans Python/Selenium/OpenCV-based page watching and automated UI clicking for Pocket Option, capabilities that are unjustified for a Solana funding-rate arbitrage skill. This is dangerous because browser automation that reads live pages and places trades can bypass intended API controls, create account-integrity and platform-abuse risk, and provide a ready path to automating speculative trading on unrelated services.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The file is materially misaligned with the stated skill purpose. Instead of implementing or documenting Solana funding-rate arbitrage, it contains a chat transcript offering discretionary, directional, high-leverage trading coaching, which can cause the agent to behave outside its declared scope and expose users to unsafe financial actions.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The content provides personalized tactical guidance for extreme-risk trades, including 100x-187x leverage entries, flips, and timing cues. In the context of a skill advertised for funding-rate arbitrage and auto-trading, this broadens behavior into dangerous speculative coaching that could directly influence users toward rapid total-loss decisions.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The transcript repeatedly claims the assistant can watch tabs, monitor live prices, and issue alerts despite being a static markdown export with no such capability. These false capability claims can mislead users into relying on nonexistent monitoring during high-risk trading, increasing the chance of unobserved losses and unsafe automation assumptions.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: This file is materially inconsistent with the declared skill purpose. A Solana funding-arbitrage skill containing legal-document analysis and drafting content indicates undocumented capabilities and poor scope control, which can bypass review expectations and cause users or orchestrators to invoke the skill in unintended high-risk domains.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The embedded packet-capture and malware-analysis transcript is unrelated to the advertised trading/arbitrage functionality. Hidden security-analysis capability inside a finance skill expands the attack surface, undermines user trust, and suggests the skill may be repurposed for tasks not disclosed in its manifest.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal