Back to skill

Security audit

Odaily Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto news and market-data assistant that runs local Python tools and fetches public market data, with usability and dependency-hygiene risks but no artifact-backed malicious behavior.

Install only if you want an agent skill that can run Python, install Python dependencies, and make live network calls for crypto market/news analysis. In sensitive environments, pin and review requirements before use, avoid broad auto-invocation from generic trigger words, and only configure Supabase if you intentionally want whale-trade records written to your own database.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to discover a local directory, install dependencies, and run a Python script while also relying on network access, yet it declares no permissions. That mismatch is dangerous because it hides the true execution and data access surface from users and reviewers, making arbitrary code execution and outbound requests occur without clear consent or sandbox expectations.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list for the 'today watch' module includes very generic terms such as '今日', '头条', '快讯', and '新闻', which are common in ordinary conversation and can cause unintended invocation. In an agent setting, accidental activation can pull external market data and consume model/API resources, while also steering the conversation into financial-analysis behavior the user did not explicitly request.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The market-analysis trigger list contains broad standalone terms like '行情', '市场', '走势', '价格', and even ticker symbols such as 'BTC' and 'ETH', all of which may appear in unrelated user requests. This raises the chance of unintended execution of finance-oriented tooling, causing resource consumption and potentially unsolicited trading-style output.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The tomorrow-watch triggers include generic words like '明日', '明天', and '关注', which are common in everyday scheduling and planning requests. This can misroute ordinary queries into the skill, causing unnecessary data retrieval and irrelevant risk/event analysis output.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The whale-scan module uses mixed generic finance terms including '巨鲸', '预测', '尾盘', '跟单', and '大户', some of which can appear in unrelated finance or news discussions. In a tool-enabled agent, that creates a realistic risk of accidental invocation of external scans and generation of high-risk trading-oriented content without clear user intent.

Vague Triggers

Medium
Confidence
96% confidence
Finding
Using a generic phrase like '日报' to trigger all five modules is especially risky because it can invoke multiple external data pulls and produce a large composite response from a very common word. This amplifies the blast radius of accidental activation by increasing resource usage, response volume, and behavioral diversion in one step.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The consolidated trigger table repeats and expands broad keywords across modules without clear scope boundaries, increasing collision risk between modules and with normal user speech. In practice this makes routing less predictable and can cause the wrong tool—or multiple tools—to activate from ambiguous prompts.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger list contains many generic phrases like '今天', '最新情况', and '给我看看' that can overlap with ordinary conversation. This can cause unintended skill activation, which is risky here because activation leads to shell-based execution, package installation, and network-backed data retrieval rather than a harmless text-only response.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation directs Bash to locate files under user directories, install requirements, and execute Python without presenting any security warning or confirmation flow. In context, this creates a meaningful execution risk because a user or agent may run unreviewed local code and fetch third-party packages automatically, which expands the attack surface to supply-chain and local-environment compromise.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.