Back to skill

Security audit

Coinbase OpenAPI Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being a Coinbase trading integration, but it enables live financial actions with persistent credentials and limited confirmation guidance.

Install only if you intend to let an agent work with Coinbase Advanced Trade. Use a dedicated least-privilege Coinbase API key, keep it read-only unless trading is truly needed, protect and rotate the private key, prefer a reviewed or pinned schema, and require manual approval for every live order or cancellation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Low
Confidence
84% confidence
Finding
The OpenAPI description exposes account and trading capabilities but does not define any invocation boundaries, allowed contexts, or constraints for when the skill should be used. In a trading skill, lack of scope guidance increases the chance an agent may invoke sensitive actions in overly broad contexts or without adequate user intent verification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The spec includes authenticated order creation and batch cancellation endpoints, which are financially destructive operations, but provides no embedded warning, confirmation, or approval guidance. In an agent-integrated trading context, this omission can lead to unintended order placement or mass cancellation if the model misinterprets user intent or is prompt-injected.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation includes executable write examples that place live orders and cancel orders against production Coinbase endpoints without any warning that these actions affect real funds. In a trading skill, this materially increases the risk of accidental financial loss because users may copy-paste examples assuming they are safe demos or dry runs.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The auth setup instructs users to load a Coinbase private key into environment-backed credentials but does not emphasize that this is highly sensitive material that can authorize account actions. While using environment variables is common, omitting handling guidance can lead to insecure storage, shell history exposure, accidental logging, or reuse on shared systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.