Bitget Poolx Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill does monitor Bitget PoolX, but it also includes live billing code and anti-bot bypass behavior that need review before use.

Review this before installing. Use it only if you explicitly accept r.jina.ai proxying, Cloudflare/anti-bot bypass implications, and SkillPay billing. Do not run billing.py or call charge_user unless you have verified the SkillPay account, the API key, the billed user_id, and an explicit user-approved charge flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The file implements billing, charging, and payment-link generation even though the declared skill purpose is Bitget PoolX monitoring. This mismatch is dangerous because users or reviewers may authorize a monitoring skill without realizing it can transmit identifiers to a third-party billing service and initiate charges, creating hidden financial and privacy risk.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The skill contains third-party billing capabilities unrelated to its stated monitoring purpose, including charge initiation and payment-link generation. In context, this makes the skill more dangerous because the hidden monetization path can be abused for unauthorized charging, deceptive behavior, or collection of user identifiers under false pretenses.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The implementation does not match the declared skill behavior: instead of using r.jina.ai as described, it launches a stealth-configured Playwright browser and directly accesses Bitget while attempting to evade bot detection. This is dangerous because it conceals materially different network behavior from reviewers and users, increasing the risk of policy violations, undisclosed scraping, or later repurposing for more abusive automation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The code includes explicit anti-detection measures such as disabling automation indicators and overriding navigator.webdriver, even though the stated purpose is only to monitor for new staking projects. These evasion features are risky because they are characteristic of bot-detection bypass techniques and can facilitate unauthorized scraping or circumvention of access controls beyond the claimed monitoring use case.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill sends requests through r.jina.ai but does not clearly warn users that content retrieval is routed via a third-party proxy. That creates privacy, integrity, and trust risks because queried URLs and returned content are exposed to an intermediary, and users may incorrectly assume they are connecting only to Bitget.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The code can transmit `user_id` to an external billing provider and attempt to charge the user without any visible confirmation, consent flow, or warning at the point of action. That is dangerous because it enables silent financial operations and external sharing of identifiers, especially problematic in a skill whose advertised purpose does not mention billing.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
This skill performs external network access through automated browsing and includes anti-detection behavior, but provides no user-facing disclosure about what site is being accessed, how automation is used, or that bot-evasion techniques are present. Lack of transparency is dangerous because operators may unknowingly deploy behavior that violates site terms, triggers account/IP blocking, or creates compliance and trust issues.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill sends requests to r.jina.ai, a third-party relay, instead of directly to Bitget, but provides no clear disclosure to the user that request metadata and retrieved content transit through an external service. This can expose usage patterns, queried targets, and returned content to an additional party, increasing privacy, integrity, and supply-chain risk.

Natural-Language Policy Violations

Severity: Medium
Confidence: 94%
Finding
The explicit statement that the skill is used to 'bypass Cloudflare' signals intentional circumvention of a site's access controls without giving the user justification, choice, or risk disclosure. In this context, that increases compliance, trust, and misuse concerns, especially because the skill relies on an external relay to avoid normal site protections.

VirusTotal

63/63 vendors flagged this skill as clean.
