vibetrading-ai-trading-code-generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a trading-code generator that fits its stated purpose, but it can produce and run live exchange automation with weak safety boundaries.

Install only if you are prepared to review generated strategy code manually and run it in a sandbox or Hyperliquid testnet first. Use least-privilege API keys with no withdrawal authority, small limits, and a separate account; do not rely on the validator or sample backtests as proof of safety, and do not run generated strategies on real funds until live-trading confirmation, dry-run behavior, risk limits, and a kill switch are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README includes a destructive cleanup command using wildcard deletion without an explicit warning that the operation is irreversible and assumes the current working directory is correct. In a skill that encourages users to run shell commands directly, this increases the chance of accidental data loss if paths are mistaken, expanded unexpectedly, or copied into the wrong directory.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The backtest engine dynamically loads and executes a Python file supplied via the strategy_path argument using importlib and exec_module, which runs arbitrary top-level code immediately on import. In this skill's context, strategies are generated from natural-language prompts and may be user-provided or AI-generated, so this creates a direct arbitrary code execution path on the host running the backtest, not just a trading-logic risk.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The function dynamically imports and executes a Python file chosen at runtime via spec.loader.exec_module(strategy_module), which runs top-level code from that file with the privileges of the current process. In a code-generation/trading skill, this is especially dangerous because strategy files may come from user prompts or generated artifacts, making arbitrary code execution a realistic path to credential theft, filesystem access, network exfiltration, or unsafe trading actions.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The README explicitly encourages users to move from simulations to live trading by integrating real market data, API connectivity, and real order execution, but it does not place a clear, immediate warning at that transition point about irreversible real trades and possible financial loss. In the context of a code-generation skill for automated trading, that omission can normalize unsafe progression from examples to production and increase the chance that a user deploys unvetted strategy code against a live exchange.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The runner dynamically imports and executes any Python file provided as a strategy via exec_module(), which runs top-level code immediately on load. In this skill's context, strategies are generated from natural-language prompts and may be user-supplied or AI-generated, so this creates a direct arbitrary code execution path on the host running the backtest, not just a trading-logic risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The validator rewrites the target Python file in place when fixes are applied, but there is no explicit confirmation, backup, or safe-output path. In a code-generation skill for trading strategies, silently altering source files can destroy user logic, corrupt generated strategies, or persist unsafe modifications that are later executed in an automated trading context.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The import check creates and runs a temporary Python script that imports the user-supplied/generated module, which executes that module's top-level code. Importing untrusted strategy code is equivalent to running it, so a malicious strategy can perform arbitrary code execution, file access, network calls, or credential theft during validation.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The strategy automatically cancels all existing orders and immediately places a new live grid without any explicit confirmation, dry-run mode, or warning that real trades will be executed. In a trading-code-generation skill, this is especially dangerous because users may run generated code as-is and unintentionally trigger live market actions and order cancellations that can cause financial loss or disrupt existing strategies.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The API client is hardcoded to testnet=False, which connects the generated strategy directly to the production trading environment with no explicit disclosure or consent gate. Given the skill’s purpose is to generate executable trading bots, this context increases the danger because users are likely to execute the template unchanged, leading to unintended live trades with real funds.

VirusTotal

64/64 vendors flagged this skill as clean.