Back to skill

Security audit

Apex Trading & Analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real ApeX trading tool, but it can place or cancel live futures orders with no built-in confirmation step.

Install only if you intentionally want an agent to help with live ApeX futures trading. Use testnet first, keep the API key, secret, passphrase, and Omni seed out of chat and source control, restrict API permissions where possible, and require explicit user confirmation before every trade, close-position, cancel-all, or reward-enrollment action. Treat generated trade signals as informational, not financial advice, and protect or delete trading-state.json on shared or synced machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This script adds a standalone CoinGecko market-analysis and trade-signal engine inside a skill described as ApeX trading and portfolio management. That mismatch is dangerous because it can cause the agent to generate or rely on undeclared decision-making logic for live trading, expanding the skill's effective behavior beyond its stated scope and user expectations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The file goes beyond monitoring or executing user-requested ApeX actions and instead produces direct LONG/SHORT recommendations from simplistic heuristics. In a trading skill context, this is risky because the agent may present low-quality analysis as actionable guidance, nudging users toward financial decisions without sufficient validation, suitability checks, or safeguards.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The Chinese trigger phrases include very generic expressions such as '报名活动' and '参加活动', which can be spoken in many non-trading contexts. In a high-risk trading skill, overly broad triggers increase the chance of accidental invocation and unintended enrollment or follow-on account actions, especially when paired with a default reward ID.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes irreversible and financially destructive actions such as market buys, market sells, and `cancel-all`, but does not place a clear, explicit risk warning adjacent to those commands. Although later sections mention confirmation and price checks, the command documentation itself normalizes execution of sensitive actions without emphasizing that they can immediately cause losses, close positions, or remove protective orders.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script outputs explicit trading recommendations such as entering LONG or SHORT positions without any disclaimer that the content is informational, probabilistic, and not financial advice. In a trading assistant, omission of such warnings increases the chance users will over-trust the output and act on weak heuristics as if they were endorsed investment guidance.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs live financial actions such as market orders, limit orders, and cancel-all directly from command input with no secondary confirmation, dry-run mode, or transaction preview. In an agent skill context, this is especially dangerous because a misinterpreted user request, prompt injection, parameter confusion, or automation mistake can immediately trigger irreversible trading losses or unintended order cancellation.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.