Freqtrade Strategy Dev

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Freqtrade strategy guide, but users should treat its live crypto trading steps as real financial risk.

Install only if you want help with Freqtrade strategy development. Keep usage limited to writing, backtesting, and dry-run testing unless you explicitly decide to trade live; live cryptocurrency trading can lose funds through market movement, fees, latency, and slippage.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document instructs users to proceed from dry-run to live trading with real funds and gives operational advice like starting with small positions, but it does not include an explicit warning that users can lose real money, that backtests do not guarantee future performance, and that cryptocurrency trading is highly risky. In a strategy-development skill focused on improving profitability, this omission can materially increase the chance that users treat the workflow as sufficiently safe for deployment and incur financial losses.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal