Security audit

Coinw Contract Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed CoinW futures-trading skill, but it asks for high-value trading credentials and enables broad account-changing actions with weak safety and redaction guidance.

Install only if you intentionally want an agent to operate CoinW futures. Use a dedicated least-privilege API key, disable withdrawals unless strictly needed, enable IP allowlisting where possible, avoid pasting secrets into chat, require explicit confirmation for every account-changing action, and redact keys, signatures, headers, cookies, IDs, and logs before sharing troubleshooting data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
The README explicitly tells users they can provide CoinW API credentials by sending them directly to the agent in chat. Chat channels are often logged, retained, forwarded to third-party model providers, or exposed in agent memory/tool traces, so encouraging secret submission through chat materially increases the risk of credential leakage and account compromise. In a crypto trading context, leaked API keys can enable unauthorized trading, balance disclosure, or fund loss depending on key permissions.

Missing User Warnings

Medium
Confidence: 88%
Finding
The document instructs users to enable trading and withdrawal-related API capabilities without explicitly warning about the elevated risk of account loss if those permissions are over-granted, misconfigured, or exposed. In a skill whose purpose is to help users create exchange API keys, omission of least-privilege guidance makes accidental insecure setup more likely, especially for users who may not understand the difference between read-only, trading, and withdrawal access.

Missing User Warnings

Medium
Confidence: 94%
Finding
The support section instructs users to provide a complete request command, user ID, IP, timestamps, full API responses, and screenshots/logs, but it does not warn them to redact API keys, signatures, authorization headers, cookies, or other secrets. In an API trading context, full request details can easily include credentials or signed payloads that enable account compromise, unauthorized trading, or privacy leakage if shared with support channels or third parties.

VirusTotal

64/64 vendors flagged this skill as clean.