Back to skill

Security audit

Cremonix BTC/ETH Regime Intelligence + Trading Signals

Security checks across malware telemetry and agentic risk

Overview

The free market-data feed is mostly read-only, but the skill also tells agents how to create, pay for, authenticate to, and renew a paid subscription while repeatedly claiming no wallet, account, or authentication access.

Use the free delayed feed only if you are comfortable with promotional upgrade messaging. Do not allow an agent to create subscriptions, pay Lightning invoices, use API keys, or renew this service unless you explicitly intend to buy it and verify the amount, destination, and billing terms yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill presents itself as a read-only market-intelligence feed, but later embeds a full paid subscription workflow with authenticated access and account lifecycle actions. That mismatch is dangerous because an agent or user may trust the skill as non-transactional while it actually initiates commercial enrollment and transitions into credentialed API usage.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Including a purchase and subscription workflow inside a skill whose stated purpose is passive intelligence access creates hidden financial side effects. An agent could be induced to perform account creation, billing, and recurring service management in a context where users expect only data retrieval.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The statement 'Read-only intelligence. No trading, no wallets, no transfers' directly conflicts with later instructions to pay Lightning invoices from an agent wallet. This kind of contradiction can mislead a supervising system into classifying the skill as low-risk when it actually contemplates wallet-mediated payments.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The 'What this skill does NOT do' section says there is no wallet access and that the skill is completely read-only, yet the upgrade flow describes agent wallet payment and renewal. This inconsistency increases the chance of unsafe automation because operators may rely on the safer claim and miss the transactional behavior.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs agents to create subscriptions and pay invoices without a strong, up-front consent barrier immediately preceding those actions. Even though there is one sentence saying never initiate payment without explicit user confirmation, the workflow still operationalizes payment steps in a way that could be auto-followed by agents or wrappers.

Missing User Warnings

High
Confidence
99% confidence
Finding
Describing auto-renewal as something the agent should do or initiate exposes users to recurring charges without a strong user-facing authorization model. Recurring payment behavior is especially sensitive because a one-time informational query could evolve into ongoing billed actions.

Ssd 4

Medium
Confidence
95% confidence
Finding
The skill narrative starts with harmless read-only intelligence but gradually escalates into subscription creation, invoice payment, activation polling, API key retrieval, and renewal. This staged escalation is risky because it normalizes higher-privilege and higher-impact actions after establishing trust under a low-risk framing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.