Security audit

Coinbase

Security checks across malware telemetry and agentic risk

Overview

This Coinbase skill openly provides trading access, but it can place real crypto orders with local credentials without built-in confirmations, limits, or strong credential-handling guidance.

Install only if you intentionally want an agent to access Coinbase and potentially place real trades. Use least-privilege API credentials, avoid committing the key files, restrict file permissions, require human approval before every order, and test with minimal funds or a sandbox/paper setup where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium | Confidence: 84%

Finding: The file is presented as an API helper, but it includes a function that can place real orders against a live Coinbase endpoint. This mismatch is dangerous because consumers may assume the module is read-only/account-inspection code and invoke it in automation without realizing it has transaction capability.

Missing User Warnings

Severity: Medium | Confidence: 96%

Finding: The README explicitly promotes placing market and limit orders but does not warn that these actions can execute real trades against a live Coinbase account and affect user funds. In an agent skill context, this omission is dangerous because users or downstream agents may treat the capability as harmless exploration or testing, increasing the chance of unintended financial loss.

Missing User Warnings

Severity: Medium | Confidence: 95%

Finding: The documentation explicitly demonstrates creating live market and limit orders but provides no warning that these actions can execute real trades, incur losses, or be irreversible. In an agent skill context, this is more dangerous because users may treat example code as safe boilerplate and connect it to automation, causing unintended financial transactions.

Missing User Warnings

Severity: Medium | Confidence: 93%

Finding: The setup instructions tell users to store API credentials, including a private key, in local files without any guidance on file permissions, secret management, or avoiding source control exposure. This increases the chance of credential leakage, which could allow unauthorized access to trading capabilities and account data.

Missing User Warnings

Severity: High | Confidence: 96%

Finding: The create_order function submits authenticated live POST requests to the Coinbase orders API with no confirmation step, simulation mode, risk checks, or trading guardrails. In an agent or automation context, this enables accidental or prompt-induced execution of real trades, potentially causing immediate financial loss with valid credentials.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.