Binance Trader

Security checks across malware telemetry and agentic risk

Overview

This skill is a clear Binance trading guide, but it includes ready-to-run live trade examples that could move real money without enough safety guardrails.

Install only if you intentionally want an agent to help with Binance trading. Start with testnet or read-only keys, never enable withdrawals, restrict keys by IP, prefer a dedicated subaccount with small limits, and require manual approval before any live order.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 97% confidence
Finding: The examples include live spot and futures order placement using real API credentials, but they do not prominently warn that these commands can immediately execute irreversible trades with real funds. In the context of an agent skill, users may copy or run these snippets as-is, creating a substantial risk of unintended purchases, sales, leveraged positions, and losses.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal