Crypto Market Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public Binance crypto price data and generates local BTC/ETH analysis, with optional disclosed scheduling but no hidden credential use or destructive behavior.

Install only if you want a tool that contacts Binance for public market data. Enable the optional daily schedule only deliberately, keep any messaging destination under your control, and treat the output as market analysis rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill clearly requires outbound network access to Binance, but the documentation declares no permissions. Undeclared network capability weakens security review and user consent because the skill can reach external services without an explicit permission boundary. In this context the endpoint appears benign and public, which lowers severity, but the transparency gap is still a real security issue.

Session Persistence

Medium
Category: Rogue Agent
Content
To schedule via OpenClaw cron:

```bash
# Create a cron job to run daily at 10:00 AM UTC+8
# This corresponds to 02:00 UTC
```
Confidence: 78%
Finding: Create a cron job to

VirusTotal

48/48 vendors flagged this skill as clean.