my-crypto-signal-skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto market-analysis skill that fetches public market/news data, writes local signal records, and does not place trades or show hidden destructive behavior.

Safe to install for crypto research if you are comfortable with local signal files and third-party API calls. Use revocable API keys, avoid adding exchange credentials unless needed, and start the scheduler only intentionally because it can keep polling and consume API quota.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill advertises and relies on powerful capabilities including environment access, file read/write, network access, and shell execution, yet it declares no explicit permissions. This creates a dangerous transparency and policy gap: a caller or platform may invoke the skill without understanding that it can access secrets, modify files, and execute commands, increasing the risk of credential exposure or unintended code execution paths.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger list is very broad, including generic terms like "buy," "sell," "trade," and macro-news phrases such as "CPI" and "Fed." This can cause the skill to activate in unrelated conversations, unexpectedly invoking networked trading-analysis behavior and increasing the chance of accidental data access or unreviewed tool execution.

Session Persistence

Medium

Category: Rogue Agent
Content: ## Rules - NEVER print raw JSON or file contents; summarize key fields only. - NEVER invent probability forecasts or advice beyond what the script outputs. - After `signal` completes: write `llm_judgment` into the signal JSON (1-2 sentences max), then run `verify`. Do NOT do anything else. - When reading any `.json` file, extract only: direction, confidence, score, key factor votes, news_summary. Discard the rest. ## Setup
Confidence: 89% confidence
Finding: write `llm_judgment` into the signal JSON (1-2 sentences max), then run `verify`. Do NOT do anything else. - When reading any `.json` file, extract only: direction, confidence, score, key factor votes

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal