Security audit

Strategy Voting

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed trading-signal helper, but its outputs should be treated as risky financial suggestions rather than automatic trading instructions.

Install only if you want a local technical-analysis signal generator. Do not connect its output directly to live trading without explicit confirmation, position sizing, stop-loss rules, and independent review, because the recommendations can be wrong and losses are possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This is a true issue because the skill explicitly produces actionable trading signals, including instructions to go long, close positions, or short, yet it provides no user-facing warning about financial risk or the possibility of loss. In this context, the omission is more dangerous because the skill is positioned as an integrated signal generator for an existing trading bot, increasing the likelihood that users treat the output as live execution guidance rather than educational analysis.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal