Bitpanda Official

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed read-only Bitpanda account lookup tool, but it handles sensitive financial data and an API key.

Install only if you are comfortable letting the agent read your Bitpanda balances, portfolio, trades, and transaction records. Use the narrowest read-only API key available, keep BITPANDA_API_KEY out of chat, logs, screenshots, and shell history, and review financial outputs before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 86%
Finding
The documentation instructs users to provide a long-lived Bitpanda API key and use the skill to retrieve sensitive financial account data, but it does not include a clear privacy warning, data-handling notice, or guidance on limiting exposure. In an agent context, this can lead users to disclose account-access credentials and portfolio history without understanding the sensitivity of the data being accessed or stored.

VirusTotal

65/65 vendors flagged this skill as clean.
