Fomo Research

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Fomo/Cope Capital research skill with expected API-key use, optional paid API access, and local trade logging that users should manage deliberately.

Install only if you are comfortable giving an agent a Cope Capital API key and having it query Cope’s API for Fomo trader research. Keep the API key private, do not enable x402 unless you intentionally want paid USDC-backed API calls, and periodically review or delete local memory/trades logs if they reveal sensitive research interests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill includes an account-setting flow that can enable x402 and authorize real USDC charges. Even though the document says to require explicit human permission, this still expands the skill from passive research into billing-affecting account modification, which is sensitive and could be misused by an over-permissive agent or prompt injection.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal