Back to skill
Skillv1.0.0
Static analysis security
nadfunagent · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticaltrading/check-pnl.js:192
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticaltrading/sell-all.js:102
Shell command execution detected (child_process).
suspicious.dangerous_exec
criticalscripts/check_positions.js:13
Environment variable access combined with network send.
suspicious.env_credential_access
criticaltrading/check-pnl.js:43
Environment variable access combined with network send.
suspicious.env_credential_access
criticaltrading/execute-bonding-v2.js:15
Environment variable access combined with network send.
suspicious.env_credential_access
criticaltrading/fix-entry-prices.js:17
Environment variable access combined with network send.
suspicious.env_credential_access
criticaltrading/sell-all.js:20
Environment variable access combined with network send.
suspicious.env_credential_access
criticaltrading/sell-token.js:117
Environment variable access combined with network send.
suspicious.env_credential_access
warnscripts/check_positions.js:19
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warntrading/check-pnl.js:45
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warntrading/execute-bonding-v2.js:16
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warntrading/fix-entry-prices.js:19
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warntrading/sell-all.js:22
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration