Trading Research

Security checks across malware telemetry and agentic risk

Overview

The runnable tools are read-only market research scripts, but the skill also includes guidance for live Binance account access, order placement, order cancellation, and bypassing regional API blocks.

Install only if you want a Binance-focused research assistant and are comfortable with it contacting Binance public APIs. Do not provide live Binance API keys or use its reference examples to place or cancel orders without separate review, least-privilege keys, testnet or dry-run safeguards, and explicit human confirmation. Do not use it to bypass regional Binance restrictions, and treat trading outputs as informational rather than personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is described as research-oriented, but this reference file includes authenticated account access and live trading/cancellation endpoints that materially expand capability into account operations and execution. In an agent setting, exposing these actions increases the chance that prompts or downstream logic will trigger real account changes or financial loss beyond the expected research-only scope.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The embedded Python example includes a `place_order` function that constructs and submits a live Binance order, which goes beyond passive market-data research. Example code in reference material is often reused directly, so including live execution patterns can normalize or enable unsafe deployment without proper safeguards.

Vague Triggers

Medium
Confidence: 89%
Finding
The manifest description triggers on very broad categories ("any crypto prices, market data, trading analysis, or crypto market questions"), which can cause over-invocation. Over-broad routing increases the chance the skill is selected in situations where it should not run, exposing users to unnecessary network access or risky financial guidance.

Vague Triggers

Medium
Confidence: 91%
Finding
The activation guidance is expansive and lacks negative examples, boundaries, or refusal conditions. In a financial context, this makes the skill more likely to engage on ambiguous prompts and provide trading-oriented outputs when the user may only want general information.

Natural-Language Policy Violations

High
Confidence: 99%
Finding
The skill recommends suggesting a VPN when Binance API access is blocked by location, which facilitates bypass of geo-restrictions. That is dangerous because it encourages circumvention of legal, regulatory, or provider-imposed access controls and could expose users and operators to compliance and abuse risks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The trading example performs real order placement but does not prominently warn that it can execute live trades with financial consequences. In the context of an agent skill for trading research, this omission makes accidental misuse more likely because users and integrators may assume examples are safe to run as-is.

Missing User Warnings

Medium
Confidence: 96%
Finding
This reference provides extensive trading signals, entry/exit heuristics, and risk-management guidance without a clear disclaimer that the material is informational and not financial advice. In a trading-research skill context, users may act directly on these recommendations, increasing the chance of financial harm from overreliance on the content.

Missing User Warnings

Medium
Confidence: 96%
Finding
This file provides extensive, actionable trading strategies, position sizing formulas, entry/exit rules, and risk management guidance without a clear disclaimer that the material is educational only and that users can incur substantial financial losses. In the context of an agent skill that triggers on crypto trading research and position management, users may reasonably treat this as personalized financial guidance and act on it directly, increasing the chance of harmful losses.

Ssd 2

Medium
Confidence: 98%
Finding
Even though phrased indirectly, the instruction to suggest a VPN is still advice for bypassing Binance location controls. Indirect wording does not reduce the security or compliance risk, and in a trading skill the context makes this more dangerous because access restrictions may be tied to financial regulation.

VirusTotal

64/64 vendors flagged this skill as clean.