BTC Signals Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Bitcoin market-data API skill, but users should treat its trading outputs as risky financial information.

Install only if you trust BTC Signals Pro with an API key and are comfortable with your agent making authenticated requests to that provider. Keep the key private, monitor API usage, and manually review any buy/sell levels, stop-losses, or bot-pattern guidance before risking funds.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill instructs activation for broad user prompts like 'When a user asks about Bitcoin markets or trading,' which can cause the agent to invoke the external service for routine market-chat requests without clear user consent or scoping. In a finance context, this increases the chance that ordinary conversation content is unnecessarily sent to a third-party API and that the model over-relies on automated trade guidance for sensitive decisions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill does not clearly warn users that their trading-related queries may be sent to an external third-party API. This is risky because users may assume analysis is local to the assistant, while their prompts and derived market requests are used to query an outside service tied to their API key.

External Transmission

Medium

Category: Data Exfiltration
Content: ### Authentication - **Header:** `X-API-Key: {{BTC_SIGNALS_API_KEY}}` - **Base URL:** `https://api.btcsignals.pro/v1` - **Rate Limit:** 60 requests/minute ### Initialization
Confidence: 93% confidence
Finding: https://api.btcsignals.pro/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal