Security audit

Riskgate Market Signals

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only crypto market signal skill that discloses its RiskGate API use and credential handling, with no hidden executable behavior found.

Install only if you trust RiskGate as a crypto market-signal provider. If you set RISKGATE_API_KEY or M2M credentials, expect them to be sent to RiskGate for authentication; use limited credentials, keep them out of logs and shared files, and do not let this skill alone authorize trades without separate limits and human approval rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documentation explicitly instructs the skill to read an API key from the RISKGATE_API_KEY environment variable, which gives the skill credential-access behavior beyond merely consuming market data. In an agent setting, encouraging environment-variable access expands the trust boundary and can lead to unintended use of sensitive credentials or account-scoped actions without clear user consent.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Including OAuth client-credentials flow for machine-to-machine access broadens the skill from passive market-signal retrieval to reusable autonomous authentication infrastructure. In an agent context, this can enable unsupervised access with long-lived service credentials and increase the chance of secret collection, misuse, or expansion beyond the stated watchlist and signal-gating purpose.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation provides a hardcoded demo API key and instructs fallback behavior to that key if no environment variable is present, without guardrails around account ownership, rate limits, or secret-handling expectations. This normalizes embedded/shared credentials and can cause unintended third-party account usage, opaque external calls, and insecure operational patterns when copied into agent logic.

External Transmission

Medium
Category
Data Exfiltration
Content
Check remaining calls for your key.

```
GET https://api.riskgate.xyz/v1/account/credits
X-API-Key: {YOUR_KEY}
```
Confidence
62% confidence
Finding
https://api.riskgate.xyz/

External Transmission

Medium
Category
Data Exfiltration
Content
For programmatic agent access without a human API key, RiskGate supports OAuth 2.0 Client Credentials.

```
POST https://api.riskgate.xyz/auth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id={ID}&client_secret={SECRET}
```
Confidence
85% confidence
Finding
https://api.riskgate.xyz/

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
api-reference.md:20