Security audit

Simmer Signal Service

Security checks across malware telemetry and agentic risk

Overview

This paid trading-signal skill mostly matches its stated purpose, but users should review it because the advertised price conflicts with the actual charge and the docs encourage repeated paid automation.

Review the billing details before installing. Assume a real non-demo signal call may charge 0.01 USDT, not 0.001 USDT, and do not enable the cron examples unless you intentionally want recurring paid calls and have a separate spending limit or monitoring in place. Verify the SkillPay skill ID and use limited-scope credentials if SkillPay supports them.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Description-Behavior Mismatch

Medium

Confidence: 99% confidence
Finding: The code comments and metadata state the service costs 0.001 USDT per call, but the actual charge request uses amount 0.01, a 10x discrepancy. This is a billing-integrity issue that can mislead users and cause unauthorized overcharging relative to advertised pricing.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The billing function is labeled as demo/testing behavior, but for non-demo users it performs a real charge against the live SkillPay API. Misleading comments and docstrings around payment code increase the risk of unsafe deployment, operator misunderstanding, and accidental real-money charges during testing or review.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly promotes cron-based execution every 5 minutes for a paid API but does not provide a clear, prominent warning that automation will repeatedly incur charges. In context, this is financially risky because the service is designed for frequent invocation and the file markets recurring passive revenue to the author, increasing the chance users enable costly loops without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal