Back to skill

Security audit

Simmer Market Maker

Security checks across malware telemetry and agentic risk

Overview

This market-making skill is purpose-aligned, but its live mode can place real trades and cancel all existing open orders on the connected account.

Review carefully before installing. Use dry run or TRADING_VENUE=sim first, prefer a dedicated trading account/API key, and do not run --live on an account with manual orders or other strategies unless you accept that open orders may be cancelled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The strategy unconditionally calls a bulk DELETE endpoint to cancel all open orders before placing new quotes. In a live trading context, this can disrupt unrelated user strategies or manually managed orders on the same account, causing unintended loss of market exposure and operational harm.

Intent-Code Divergence

Low
Confidence
74% confidence
Finding
The code comment says Kalshi markets are not supported for real trading, but client initialization still trusts the TRADING_VENUE environment variable without enforcement. This mismatch can cause the skill to operate against an unintended venue if the environment is manipulated or misconfigured.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises a `--live` mode for placing real market orders but does not provide an explicit warning about financial loss, use of live API keys, or the fact that the strategy cancels existing open orders before replacing them. In this context, omission is dangerous because users may assume safe or paper-trading behavior and unintentionally trigger real trades, churn orders, or disrupt existing positions in a live market.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The --set path writes persistent configuration to disk without an interactive warning or confirmation. In an agentic or automated setting, this can silently alter future trading behavior beyond the current run, making accidental or malicious parameter changes sticky.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.