Agent Q Skills

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it can guide an agent to run live crypto trading, use private keys, execute generated code, and keep trading in the background without enough safeguards.

Install only if you intentionally want agent help for this specific crypto-trading repository. Treat every trading snippet as potentially live, use paper/testnet or low-balance isolated accounts first, keep keys out of logs and commits, prefer no-withdrawal or least-privilege credentials, require manual approval before live orders or position closures, and review generated backtest code in a hardened sandbox before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Context-Inappropriate Capability

Severity: High
Confidence: 94%
The documentation explicitly advertises a 'sniper_agent' supporting front-running strategies, which signals support for manipulative or unethical trading behavior. In a live trading system, such functionality can expose users to legal, exchange-policy, and market-abuse risk, and may encourage deployment of harmful automation against other market participants.

Context-Inappropriate Capability

Severity: High
Confidence: 93%
The file documents a code-execution agent that runs generated code, which is a high-risk capability because model-generated or externally influenced code can perform arbitrary actions if isolation is weak. In the context of an autonomous trading framework that also ingests web, PDF, video, and market data, this creates a credible path to remote code execution, credential theft, or system compromise.

Intent-Code Divergence

Severity: Medium
Confidence: 86%
Claiming 'sandboxed code execution' without substantiating the isolation model is dangerous because users may trust a safety boundary that does not actually exist. The same document also instructs direct Python execution of agents, which increases the chance that operators run risky components on a host system without understanding the containment assumptions.

Missing User Warnings

Severity: Medium
Confidence: 84%
The document describes agents that can execute trades and force-close positions, which are system-impacting financial actions, but it provides no explicit warning about loss risk, autonomous execution hazards, or the need for paper-trading/staging first. In a skill meant for trading automation, omission of these warnings makes unsafe deployment materially more likely.

Missing User Warnings

Severity: Medium
Confidence: 81%
The file documents collection of web, social, API, wallet, and on-chain activity data without any privacy or third-party data-handling notice. While much blockchain data is public, aggregating and operationalizing it can still create privacy, compliance, and terms-of-service risk, especially when tied to copied trading behavior or external APIs.

Missing User Warnings

Severity: Medium
Confidence: 88%
The guide includes instructions to run agents directly and describes generated code execution without a clear warning about the risks of executing untrusted or model-produced code on a live system. In a multi-agent automation environment, broad execution guidance can lead users to run dangerous components with exchange keys, filesystem access, or network privileges, magnifying the blast radius of any bad output.

Missing User Warnings

Severity: Medium
Confidence: 95%
The RBI/backtesting flow explicitly describes taking user-supplied content, generating strategy code from it, and sending it to a code runner for execution. Even with the word 'sandboxed' present, this pattern is dangerous because LLM-generated code derived from untrusted input can lead to remote code execution, sandbox escape attempts, data exfiltration, resource abuse, or execution of harmful trading logic if isolation is weak or assumptions fail.

Missing User Warnings

Severity: Medium
Confidence: 91%
The markdown explicitly describes autonomous execution and generated backtest code execution in an agent-facing instruction file, but does not pair those capabilities with strong safety guardrails, approval requirements, or prominent warnings about financial and system impact. In this repository's context, that increases the chance an agent or user treats trading and code execution as routine authorized behavior, which can lead to unintended trades, unsafe code runs, or financial loss.

Vague Triggers

Severity: Medium
Confidence: 89%
The skill's invocation guidance is very broad and can cause the agent to activate this trading-oriented skill for loosely related requests about agents, workflows, configuration, or architecture. In practice, that increases the chance that high-risk trading or execution-oriented instructions are surfaced without a clear threshold for when financial or trade-execution guidance is appropriate.

Missing User Warnings

Severity: High
Confidence: 97%
The file includes concrete trade-execution examples such as market buys on Hyperliquid and X10, but does not place prominent warnings or safeguards around live-order placement, leverage, irreversible financial loss, or the need to use sandbox/paper environments first. In a skill intended to guide an agent, these examples can normalize direct execution and materially increase the risk of unsafe autonomous or user-assisted trading behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
These examples show direct live trading actions such as market buys and position closes against real exchange helper functions, but they do not prominently warn that they can execute real-money, irreversible orders. In a trading-agent skill, users may copy-paste snippets during setup or testing and unintentionally place leveraged trades with financial loss exposure.

Missing User Warnings

Severity: Medium
Confidence: 97%
The force-close-all example iterates across symbols and closes any open position, which can liquidate a live portfolio immediately. Without a strong warning, confirmation step, or sandbox framing, a user could run it during debugging or incident response and trigger unintended exits, slippage, fees, or loss realization.

VirusTotal

57/57 vendors flagged this skill as clean.