Crypto Research Assistant

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward crypto research prompt skill, with the main caution that crypto topics can drift into investment advice.

Installers should treat outputs as research support, not financial advice. Ask the agent to distinguish facts from opinion, verify current market data from reliable sources, and avoid acting on investment suggestions without independent review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The invocation rule says to activate the skill whenever users ask cryptocurrency-related questions, which is overly broad and can cause the skill to intercept many queries without clear user intent. In a finance-adjacent context, this increases the chance of unsolicited investment-style guidance, misrouting, or overuse of a specialized skill where a general answer or clearer consent would be safer.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal