Back to skill

Security audit

farmdash futures strategist

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed high-risk crypto futures trading skill, but its trading authority is purpose-aligned and gated by user signatures and explicit confirmation rules.

Install only if you are comfortable letting an agent prepare and submit user-signed Hyperliquid futures orders through FarmDash. Treat every execution or cancellation as a financial transaction: verify asset, side, size, leverage, stop, liquidation estimate, and order IDs before confirming, and do not provide private keys or seed phrases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest advertises broad autonomous futures trading and execution capabilities, including strategy generation, sizing, account inspection, and order placement, but it does not define concrete invocation constraints, disallowed scenarios, or mandatory human approval boundaries beyond a descriptive sentence in one tool. In a leveraged perps context, this can enable unsafe or unintended trading behavior by downstream agents that treat the manifest as sufficient authorization, increasing the risk of financial loss from autonomous execution.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The cancellation tool can materially alter live trading state by removing protective or pending orders, yet its manifest description contains no explicit requirement for user confirmation or warning. In a derivatives environment, unauthorized or automatic cancellation can expose positions to liquidation, missed exits, or strategy failure, especially if an orchestrating agent invokes the tool speculatively.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill describes operation in `bounded_autopilot` with automatic shadow processes and autonomy downgrades, but does not define a clear user opt-in, default-off behavior, or hard execution constraints tied to that mode. In a trading skill, even bounded autonomy increases the risk of the agent taking or preparing stateful actions beyond the user's expectations, especially when paired with execution and cancellation capabilities.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.