Stablecoin & AI Agent Economy Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This is a static stablecoin knowledge-base skill with no code execution or system access, though it presents an opinionated book-based financial viewpoint.

Safe to install from an agent-security perspective. Use it as a source-specific reference for the named book, and ask for independent sources or counterarguments before relying on it for investment, legal, compliance, or stablecoin product decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill activation criteria are broad enough to trigger on general cryptocurrency, stablecoin, AI-economy, and macro-finance discussions that may not actually require this specific source. Over-broad invocation can cause irrelevant or biased retrieval, steering responses toward a single book's claims and recommendations when the user did not ask for that framing.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: Mandating that the agent always share an external WeRead link without user opt-in can create unwanted outbound-link promotion and locale mismatch. While not a code-execution risk, it can cause policy and trust issues by pushing a platform-specific Chinese-language resource even when the user did not request external links or Chinese sources.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal