Security audit

Agent-Powered Carbon Credit Trading & CBAM Compliance

Security checks across malware telemetry and agentic risk

Overview

This non-executable guide is topic-coherent, but it needs review because it gives production-style instructions for automated financial trading while also claiming sandbox-only use.

Review carefully before installing or following the examples. Treat this as production financial automation documentation: use sandbox or test accounts first, use least-privilege keys, require explicit approval for every trade, transfer, escrow release, retirement, dispute action, and procurement request, and add spend limits, monitoring, and emergency stop controls before connecting real funds or compliance workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium (97% confidence)
Finding
The document makes conflicting safety claims: it says examples use a sandbox and no API key is required, while the code and later text target a production API and authenticated calls. This mismatch can cause users or downstream agents to run real authenticated operations under the false belief they are in a harmless sandbox, increasing the chance of unintended financial actions and credential exposure.

Intent-Code Divergence

Medium (98% confidence)
Finding
The guide simultaneously states that every example runs against the production API and that all examples work with the sandbox without an API key. In a skill about escrow, transfers, and trading, that contradiction is dangerous because readers may execute real-money workflows believing they are only testing.

Missing User Warnings

Medium (94% confidence)
Finding
The skill contains detailed examples for escrow creation, transfers, trade execution, and funding of wallets, but it does not prominently require human approval or warn that these are real-money, irreversible operations. In an agent skill, such examples can be copied into autonomous workflows and trigger unauthorized or unintended financial transactions.

Missing User Warnings

Medium (93% confidence)
Finding
The guide references a read/write production API credential but does not clearly explain the sensitivity of that token or the risks of using it with the provided examples. Because the examples perform authenticated external actions, mishandling the credential could enable unauthorized trades, wallet operations, or disclosure of account-linked activity.

VirusTotal

65/65 vendors flagged this skill as clean.