Binance API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Binance Spot API helper with real trading capability, but its sensitive access is purpose-aligned and guarded by testnet-first and confirmation instructions.

Install only if you want an agent helping with Binance Spot workflows. Start on testnet, restrict Binance API-key permissions, require explicit confirmation for every production order, and keep ~/binance notes free of secrets, signatures, balances, and full order details unless you intentionally accept that local record.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The examples show direct use of API credentials and private keys without any warning about secret handling, storage, or logging hygiene. In a financial API skill, this omission can lead users to embed secrets in source files, terminals, shell history, or logs, increasing the chance of credential theft and unauthorized trading or account access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal