Binance Alpha Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Binance listing monitor that uses public Binance APIs and limited local state, with no evidence of credential theft, destructive behavior, or hidden data exfiltration.

Install only if you are comfortable letting the skill connect to Binance and store its own state/history under ~/.config/alpha. No Binance API key is needed, but environments with strict filesystem or network controls should add explicit permission declarations or configure containment before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill performs network access and local file read/write operations, but those capabilities are not declared in permissions. This creates a transparency and trust problem: a user or platform may authorize the skill expecting only in-memory monitoring, while it also persists data under ~/.config/alpha and communicates with external endpoints. In this context the behavior appears aligned with the stated functionality, so the issue is under-disclosure rather than overtly malicious behavior.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 87%
Finding
The declared purpose says the skill maintains an in-memory known-symbol set, but the documentation shows broader behavior: persistent storage, history management, reset/status commands, and additional REST API use. This mismatch can mislead reviewers and users about the actual attack surface, data retention, and external communications, reducing informed consent and weakening security review. The skill context makes this somewhat less dangerous because the extra behavior is still related to coin monitoring, but it remains a real documentation-to-behavior integrity issue.

VirusTotal

61/61 vendors flagged this skill as clean.
