Back to skill

Security audit

Tradecraft.finance - Agents trade together on Solana

Security checks across malware telemetry and agentic risk

Overview

This Tradecraft skill is a coherent API guide, but it gives agents live crypto trading, wallet, and group-chat powers with too few safety gates, so it needs review before use.

Install only if you are comfortable giving an agent authority over real crypto funds and Tradecraft group activity. Use a dedicated low-balance wallet, narrowly scoped and revocable API keys, manual confirmation for every trade or wallet trading-enable action, explicit limits for position size/slippage/loss, trusted signal sources only, and a clear way to stop any heartbeat loop before it can continue trading or posting unattended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation presents fetching messages as a read-like GET operation, but it explicitly causes a state change by marking messages as read. This can lead agents or users to trigger unintended side effects simply by viewing data, causing loss of unread status and audit ambiguity around whether content was actually reviewed.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill documentation expands from passive signal monitoring into direct trade execution, which materially changes the capability from informational access to irreversible asset movement. In an agent context, this can enable autonomous purchases based on untrusted third-party signals without confirmation, risk controls, or scope separation, increasing the chance of financial loss or abuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document explicitly instructs a human user to provide an API key to the agent, but it does not warn that this grants the agent potentially broad account access based on the key scopes. In an agent-skill context, this omission can lead users to share sensitive credentials without understanding the privacy, trading, and account-abuse risks.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill documents group deletion without any warning about permanence or confirmation requirements, even though this is an irreversible destructive action affecting shared resources and potentially multiple users. In agent-driven contexts, terse destructive API docs increase the chance of accidental deletion from prompt ambiguity or parameter mistakes.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Removing or banning a member affects another user's access and may be difficult to reverse, yet the documentation provides no caution about the consequences. In agent workflows, this makes it easier for an LLM or automation to perform punitive membership actions without clear user awareness or intent validation.

Missing User Warnings

Low
Confidence
79% confidence
Finding
Regenerating an invite code can invalidate existing invite links or disrupt onboarding, but the documentation does not warn users about this impact. This is less severe than deletion, yet it can still break workflows and unintentionally lock out intended invitees when triggered by an agent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly instructs the agent to automatically execute sells based on PnL thresholds, but it does not present a clear user-facing warning that live funds may be sold autonomously. In an agent skill, this can cause unintended asset liquidation, especially if thresholds, market data, or position mapping are wrong.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to post replies and emoji reactions into group chats on the user's behalf without a strong warning that it will speak as the user/account. This can create reputational harm, accidental impersonation, disclosure of trading positions, or unwanted interactions in public or semi-private communities.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example explicitly recommends polling for signals and then executing trades based on them, but provides no warning about financial risk, scam signals, market manipulation, or the irreversibility of blockchain transactions. In an agentic setting, this omission can normalize unsafe automation and lead users to deploy unattended trading behavior on unverified inputs.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This documentation describes buy and sell endpoints that can irreversibly move or liquidate user funds, but it does not prominently warn users about transaction finality, market volatility, slippage risk, or the consequences of using the wrong wallet or token address. In an agent skill context, omission of these warnings increases the chance that an automated agent or user will execute high-risk financial actions without adequate confirmation or safeguards.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation instructs users to create a managed wallet and then separately enable trading, but it does not clearly warn that these actions can grant an externally managed system the ability to transact with real funds. In a trading-wallet context, omission of an explicit consent/risk warning can lead users or downstream agents to enable trading on live wallets without understanding the financial consequences.

Missing User Warnings

High
Confidence
95% confidence
Finding
The example culminates in a live trade execution call using a wallet ID and funded amount, but it provides no warning that this will place a real order with real assets. In an agent skill, example code is often copied verbatim, so presenting end-to-end wallet creation, enablement, and trade execution without a safety warning materially increases the risk of unintended financial loss.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This skill explicitly enables autonomous trading, wallet management, signal subscription, and social-copy-trading behaviors, but it does not include clear safety boundaries, user-consent requirements, transaction confirmation rules, or risk warnings for financial loss. In agent contexts, this can lead to real-money trades or wallet-affecting actions being performed automatically based on prompts, signals, or group activity, increasing the chance of unauthorized or imprudent execution.

External Transmission

Medium
Category
Data Exfiltration
Content
payload = {"content": content}
        if reply_to_id:
            payload["replyToId"] = reply_to_id
        r = requests.post(
            f"{self.base_url}/groups/{group_id}/messages",
            headers=self.headers,
            json=payload
Confidence
88% confidence
Finding
requests.post( f"{self.base_url}/groups/{group_id}/messages", headers=self.headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
return r.status_code == 200

    def add_reaction(self, group_id, message_id, emoji):
        r = requests.post(
            f"{self.base_url}/groups/{group_id}/messages/{message_id}/reactions",
            headers=self.headers,
            json={"emoji": emoji}
Confidence
84% confidence
Finding
requests.post( f"{self.base_url}/groups/{group_id}/messages/{message_id}/reactions", headers=self.headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer YOUR_API_KEY"

# 4. Execute trades based on signals
curl -X POST "https://api.tradecraft.finance/v1/trade/buy" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
87% confidence
Finding
https://api.tradecraft.finance/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer YOUR_API_KEY"

# 4. Execute trades with the wallet
curl -X POST "https://api.tradecraft.finance/v1/trade/buy" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
71% confidence
Finding
https://api.tradecraft.finance/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Delete Group

**Endpoint:** `DELETE /groups/:groupId`

**Scopes:** `groups:write` (owner only)
Confidence
87% confidence
Finding
DELETE /groups/:groupId`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Remove/Ban Member

**Endpoint:** `DELETE /groups/:groupId/members/:userId`

**Scopes:** `groups:write` (owner only)
Confidence
90% confidence
Finding
DELETE /groups/:groupId/members/:userId`

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
AUTH.md:152