Outsmart DEX Trading

Security checks across malware telemetry and agentic risk

Overview

This skill is for Solana trading, but it can use a raw wallet private key to execute real, irreversible, fund-moving transactions, so users should review it carefully before installing.

Install only if you trust the external `outsmart` npm CLI with a Solana private key. Use a dedicated low-balance wallet, prefer dry-runs first, require explicit confirmation before every buy, sell, snipe, liquidity, fee-claim, or pool-creation command, and protect or remove `~/.outsmart/config.env` when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill provides concrete commands for buy, sell, liquidity, fee claiming, and pool creation using a configured Solana private key, but the setup and command sections do not prominently warn that these are live on-chain operations that can immediately move user funds. In an agent context, this increases the risk of unintended real-money transactions because users may interpret examples as informational rather than executable financial actions.

VirusTotal

66/66 vendors flagged this skill as clean.
