Back to skill

Security audit

Binance Trade Jury

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Binance trade-thesis review helper that sends the user’s trade idea to an external API but does not access accounts, credentials, or execute trades.

Install only if you are comfortable sending your Binance trade thesis, symbol, side, and any provided bankroll amount to the skill provider’s external API. Do not include API keys, account identifiers, private balances, or sensitive portfolio details, and treat the verdict as informational rather than trading advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to send the user's trade thesis and optional bankroll to a third-party API, but it does not require explicit user notice or consent before transmitting that potentially sensitive financial information off-platform. In this context, thesis details and bankroll can reveal investment strategy and personal financial capacity, creating avoidable privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.