Solana Dca

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed simulated Solana DCA strategy manager, with no artifact evidence of wallet access, real trading, exfiltration, or destructive behavior.

Install only if you want a simulated DCA strategy manager. Verify token, amount, frequency, and strategy ID before approving create, pause, or resume actions, and ensure the runtime supplies your authenticated user ID automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description and activation scope are broad enough that the agent could invoke this financial-automation skill on loosely related user requests. In a trading context, accidental invocation is more sensitive because it can lead to creation or modification of investment strategies, even if this skill claims to be a simulation.

Vague Triggers

Medium
Confidence: 91%
Finding
The example trigger phrases include generic conversational expressions like '自动买' and time-based buying language without sufficient boundary conditions, which increases the risk of false activation. In a finance-related skill, this can cause the assistant to steer users into strategy creation or management workflows when they may only be asking general questions.

VirusTotal

64/64 vendors flagged this skill as clean.
