Mi Trading

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Solana trading skill, but it gives an agent enough authority to install a remote CLI and execute real wallet trades without a clear per-trade approval requirement.

Install only if you trust the ClawDex CLI and understand that real swaps can move or lose funds. Use a dedicated wallet with small funds, pin and verify the CLI package instead of relying on `@latest`, set strict safety limits, and require the agent to show the quote and simulation result before you explicitly approve every real swap.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to execute `clawdex swap --yes --json` for real swaps but does not explicitly state that this broadcasts a live, irreversible on-chain transaction that can spend user funds immediately. In an agentic context, this omission is dangerous because the workflow normalizes autonomous trade execution and may lead to unintended fund loss if a user request is ambiguous, maliciously injected, or insufficiently confirmed.

VirusTotal

66/66 vendors flagged this skill as clean.
