Binance Stat Arb Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Binance market-signal monitor that fetches public data, writes local signal files, and optionally sends alerts, with no hidden trading or data exfiltration found.

Install in a virtual environment, pin or audit dependencies before long-term use, keep Telegram/Feishu tokens private, and treat generated trade signals as informational rather than automated financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests>=2.28.0 python-dateutil>=2.8.0
Confidence: 94% confidence
Finding: requests>=2.28.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests>=2.28.0 python-dateutil>=2.8.0
Confidence: 89% confidence
Finding: python-dateutil>=2.8.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High

Category: Supply Chain
Confidence: 97% confidence
Finding: requests

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal