gate-info-coinanalysis

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide advisory crypto analysis only, with the main issue being broad activation wording rather than hidden or unsafe behavior.

Review the activation wording before installing because the skill may be invoked for broad crypto questions where a more specialized risk, security, news, or technical-analysis skill would be better. Treat outputs as informational analysis, not financial advice or a trade recommendation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill's trigger phrases and description are broad enough to match ordinary conversation such as 'how is BTC' or 'is ETH worth buying,' which can cause this skill to be invoked when a more specialized skill should handle the request. In this context, misrouting can lead to incomplete or incorrect analysis dimensions, especially because the skill explicitly excludes security/risk, event attribution, and other specialized requests.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The listed trigger scenarios use generic keywords such as 'analyze,' 'how is,' and 'worth,' which are ambiguous and overlap with many unrelated user requests. Because this skill performs a full workflow and cross-skill routing depends on nuanced intent detection, ambiguous routing logic increases the chance of invoking the wrong skill and producing misleading outputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal