Back to skill

Security audit

Crypto Cog

Security checks across malware telemetry and agentic risk

Overview

Crypto Cog is a documentation-only crypto research helper that relies on CellCog, with financial-privacy cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable using CellCog for crypto research. Do not share seed phrases, private keys, wallet recovery data, exchange credentials, exact account identifiers, or unnecessary exact balances. Prefer ranges or anonymized sample holdings, keep CELLCOG_API_KEY in a secure environment variable or secret manager, and treat outputs as research support, not financial, legal, or tax advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The portfolio-review examples prompt users to share detailed asset holdings and approximate net worth without warning that this is sensitive financial data. In agent environments, such data may be logged, retained, or forwarded to external providers, creating privacy and targeting risks if exposed.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The tax and portfolio guidance examples can materially influence high-stakes financial decisions, yet the skill does not clearly state that outputs are informational only and not tax, legal, or investment advice. Users may rely on the generated recommendations without appropriate professional review, increasing the chance of financial loss or compliance mistakes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.