Apex Trading & Analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ApeX trading skill, but it can place live futures orders and cancel orders with limited built-in safeguards.

Install only if you intentionally want an agent to help with live ApeX futures trading. Use testnet first, keep API credentials and the Omni seed out of chat and source control, restrict API permissions where possible, and require explicit user confirmation before every trade, close-position, cancel-all, or reward-enrollment action. Protect or delete trading-state.json if the machine is shared or backed up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

Medium, 90% confidence
Finding
This script emits explicit long/short trading recommendations based on simplistic CoinGecko momentum heuristics, even though the skill is scoped for ApeX trading and account monitoring rather than independent signal generation. In a trading skill context, unsupported recommendations can directly influence user decisions and create unsafe or misleading automation-adjacent behavior.

Context-Inappropriate Capability

Medium, 84% confidence
Finding
The code adds an external market-signal function using CoinGecko that is not necessary for the stated ApeX platform-management purpose. Scope expansion is risky in a trading skill because it can introduce unreviewed decision-support behavior that may be trusted as part of the execution workflow.

Missing User Warnings

Medium, 91% confidence
Finding
The README includes natural-language examples such as entering or closing positions through the assistant without an adjacent warning that these requests can trigger real trades. In a trading skill that supports authenticated order execution, this can normalize high-risk commands and increase the chance of accidental or insufficiently scrutinized trade placement by users or downstream agents.

Vague Triggers

Medium, 90% confidence
Finding
The Chinese trigger phrases are broad enough to match generic requests like '报名活动' or '参加活动' without clearly indicating ApeX or OpenClaw intent. In a trading skill that can submit reward enrollments automatically, this can cause unintended action invocation and enrollment on behalf of the user from ambiguous natural-language input.

Missing User Warnings

Low, 88% confidence
Finding
The document describes required authentication headers and secrets for private trading endpoints but provides no warning about secure handling, storage, or exposure risks of those credentials. In a trading skill, this omission increases the chance that API keys, passphrases, or seeds are mishandled or logged, which could enable unauthorized account access and trading activity.

Missing User Warnings

Medium, 96% confidence
Finding
The reference lists live order placement, order deletion, and reward submission endpoints without clearly warning that they can execute trades, cancel orders, or otherwise affect real user funds and positions. Because this skill is specifically for perpetual futures trading, the context makes the omission more dangerous: users or downstream agents may treat these endpoints as routine API calls rather than financially sensitive actions.

Missing User Warnings

Medium, 93% confidence
Finding
The script produces actionable trading advice like 'Enter BTC LONG' or 'Enter ETH SHORT' without any disclaimer, risk framing, or indication that the heuristic may be unreliable. Because this is embedded in a trading-oriented skill, users may reasonably treat the output as trusted guidance and take risky actions.

Missing User Warnings

High, 97% confidence
Finding
This skill can place live market/limit orders and cancel all orders immediately based solely on command-line arguments, with no confirmation prompt, dry-run mode, testnet default, or explicit acknowledgement for destructive actions. In a trading skill context, this materially increases the risk of accidental or unauthorized execution leading to direct financial loss, especially for market orders and bulk cancellations.

Missing User Warnings

Medium, 93% confidence
Finding
The script writes current positions and account size to a predictable local file without any explicit warning, consent, or protection controls. In a trading skill context, positions and equity are sensitive financial data; storing them on disk can expose portfolio information to other local users, backup systems, logs, or later-compromised processes, especially if file permissions are not restricted.

VirusTotal

62/62 vendors flagged this skill as clean.
