Gmgn Base Tracker

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only crypto tracking skill that searches public market sources and formats results, with no install scripts, credentials, persistence, or data mutation.

Before installing, be aware that this skill may activate on broad terms like help, live, or 1h; prefer manual or clearly crypto-specific invocation if your agent supports that. Treat outputs as informational trading signals only, verify external links and token data directly on trusted sources, and never provide wallet secrets or private keys.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list contains broad, common terms such as "help," "live," "monitor," "trending," and especially "1h," which can appear in many unrelated conversations. This can cause unintended skill activation, leading the agent to pivot into crypto/web-search behavior when the user did not intend it, increasing the chance of irrelevant external queries, confused delegation, or unsafe context switching.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal