okxprediction

Security checks across malware telemetry and agentic risk

Overview

This is a text-only BTC trading-signal skill, so the main risk is users treating its recommendations as permission to trade real money.

Install only if you want decision-support prompts for BTC trading analysis. Treat any execute signal as informational, verify it independently, and do not connect it to tools that can place trades without explicit human approval and separate risk controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly produces trading execution signals and encourages entering positions based on a scoring model, but it does not present any meaningful risk disclosure about financial loss, market volatility, model error, or the possibility of rapid liquidation. In a financial trading context, omission of such warnings can cause users to over-trust the skill's outputs as actionable advice, increasing the likelihood of harmful real-money decisions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal