Dx Terminal Pro

Security checks across malware telemetry and agentic risk

Overview

This skill openly manages a live trading vault, but it gives agents direct private-key commands that can move funds or change trading behavior without built-in approval safeguards.

Install only if you intentionally want an agent to help manage a DX Terminal vault. Use a dedicated low-balance wallet, keep the private key out of chats and logs, and require explicit approval for every deposit, withdrawal, settings update, or strategy change after checking the contract address, network, method, value, and parameters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill documents live on-chain commands that can deposit funds, withdraw assets, and change trading behavior using a private key, but it does not include explicit confirmation, risk, or irreversibility warnings. In an agent setting, this increases the chance of accidental execution of asset-impacting actions, potentially causing immediate financial loss or unintended strategy changes.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The inference-log endpoint exposes the trading agent's internal reasoning and strategy signals, which may contain sensitive operational information. Without a privacy warning, users may over-share or retrieve and disclose proprietary trading logic, weakening strategy secrecy and potentially exposing market-sensitive behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal