Back to skill

Security audit

MLB Live Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paper-first MLB trading skill that can place capped real-money orders only when the user explicitly enables live mode.

Use paper mode first. Only enable --live if you understand prediction-market and jurisdictional risk and are willing to lose the capped funds. Avoid --no-safeguards in live mode unless you deliberately accept weaker SDK context checks, and keep API keys and wallet material in environment-managed secrets rather than config files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes capabilities that perform file reads/writes, network access, and shell-based installation/execution, yet the finding indicates no declared permissions. That mismatch is a real security issue because users and hosting platforms cannot accurately reason about the skill's operational privileges, which weakens consent, sandboxing, and policy enforcement.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The manifest explicitly supports live execution with an external wallet private key but does not provide a clear warning that live mode can place real-money trades and incur financial loss. In a trading skill, omission of this disclosure increases the chance of unsafe user activation or misunderstanding, especially because the file presents the wallet key as an optional configuration detail without paired risk messaging.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
):
                    return SafeguardResult(False, f"SDK context warning: {warning}", context=context)

    # Readiness/exposure preflight remains mandatory even with --no-safeguards.
    preflight = client.preflight(
        venue=VENUE if live else "sim",
        planned_amount=plan.amount_usd,
Confidence
90% confidence
Finding
--no-safe

Tool Parameter Abuse

High
Category
Tool Misuse
Content
help="persist a config override; repeatable",
    )
    parser.add_argument(
        "--no-safeguards",
        action="store_true",
        help="skip SDK context/discipline checks; hard risk controls and preflight remain",
    )
Confidence
93% confidence
Finding
--no-safe

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.