Back to skill

Security audit

Near Dca

Security checks across malware telemetry and agentic risk

Overview

This skill is not shown stealing data, but it asks for wallet-key based trading authority while under-scoping the risks and can record mock trades as successful purchases.

Review carefully before installing. Do not provide a funded wallet private key unless you have independently verified the code and are comfortable with recurring automated trades. Treat transaction hashes, prices, alerts, and performance history as untrusted until real on-chain execution, notification delivery, consent gates, and spending limits are implemented and verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented behavior is narrower than the detected operational scope, especially around purchase execution, exchange integration, alerts, and possible credential use such as account_id/private_key. This mismatch is dangerous because users may authorize or run a financial automation skill without understanding that it can execute trades, persist strategy data, and potentially handle secrets across more systems than disclosed.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises NEAR dollar-cost averaging functionality, but the implementation only saves plan metadata to a local JSON file and never performs token purchases, wallet operations, or blockchain interactions. This is dangerous because users may believe they have automated investment protection in place when in reality no trades will occur, leading to missed purchases, financial loss from false reliance, and unsafe operational assumptions.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The code accepts a schedule string and displays it back to the user, but it never parses, validates, or executes the schedule. In the context of an investment automation skill, this can mislead users into thinking recurring purchases are scheduled when no automation exists, increasing the chance of missed trades and incorrect financial planning.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README documents automated token purchases, scheduled execution, and strategy deletion/pause actions without prominent warnings about financial loss, market volatility, irreversible transactions, or the destructive effect of deleting strategies/history. In a trading skill that can execute unattended on mainnet using a configured private key, this omission can cause users to enable risky automation without informed consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This skill describes recurring token purchases but omits clear warnings about financial risk, automated spending, volatility, slippage, failed execution, and the consequences of unattended scheduling. In a trading automation context, lack of risk disclosure can lead users to enable recurring purchases they do not fully understand, increasing the chance of financial loss or unsafe deployment.

Missing User Warnings

High
Confidence
93% confidence
Finding
The action accepts a raw private key as an input parameter and immediately passes it into a purchase-executing path, with no visible confirmation, consent checkpoint, or safer signing abstraction in this file. In a financial trading skill, this is especially dangerous because callers may be induced to hand over wallet secrets to the skill, and a compromised or buggy downstream implementation could misuse the key to authorize unintended on-chain transactions.

Missing User Warnings

High
Confidence
87% confidence
Finding
The scheduled trigger automatically executes purchases with no visible disclosure, approval gate, or protective checks in this file before initiating financial activity. In the context of a DCA trading skill, autonomous purchase execution can cause unauthorized or unexpected recurring trades, especially if a strategy is misconfigured, hijacked, or enabled without the user fully understanding that real funds will be spent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes a delete-strategy action for trading automation state without any documented confirmation, safeguard, or warning semantics. In a financial automation context, accidental or unauthorized deletion can disrupt scheduled purchases, erase operational state, and lead to loss of strategy continuity or user confusion, especially if deletion is irreversible.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill defines an automated schedule that executes DCA purchases every 5 minutes and is configured for mainnet, but it does not present an explicit user-facing warning that this can trigger real on-chain trades with real funds. In a trading skill, silent automation on mainnet materially increases the risk of unintended financial loss, especially if a strategy is misconfigured or created without strong operator awareness.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
executePurchase will use configured account credentials automatically when explicit credentials are not passed, allowing the component to initiate asset swaps without any approval gate in this code path. In a wallet/trading skill context, silent use of stored private keys increases the risk of unintended or unauthorized trades if the function is invoked by another component or exposed action.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
executeScheduledPurchases can automatically trigger live swaps for every due active strategy using stored credentials, with no per-execution confirmation, kill switch, or safety interlock shown in this file. In a financial automation skill, this is especially dangerous because any accidental scheduling, compromised caller, or misconfiguration can repeatedly spend funds on-chain without immediate user awareness.

Session Persistence

Medium
Category
Rogue Agent
Content
## Features

- Create DCA plans
- Cancel DCA plans
- List all DCA plans
- Track DCA performance
Confidence
81% confidence
Finding
Create DCA plans - Cancel DCA plans - List all DCA plans - Track DCA performance - Flexible scheduling (daily, weekly, etc.) ## Commands ### `near-dca create <token> <amount> <schedule> [account]` C

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.