Security audit

Simmer Skill Builder

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for building Simmer trading skills, but it can lead an agent to publish generated work publicly and produce live-money trading bots without strong approval and risk-warning checkpoints.

Install only if you intend to build Simmer trading automation. Review generated skills before running or publishing them, keep them in dry-run mode unless you intentionally accept live trading risk, and do not provide wallet/private-key credentials unless you understand the venue and have stored secrets securely.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill goes beyond generating a local folder and instructs the agent to publish outputs to ClawHub and distribute them via public repositories. External publication is a materially different and higher-risk action than local generation because it can leak proprietary strategy logic, publish unsafe code, or create supply-chain exposure if done automatically or with insufficient review.

Vague Triggers

Medium
Confidence: 76%
Finding
The trigger language is very broad, including phrases like building a bot, automating a trade idea, or turning a tweet into a strategy. Overly broad activation criteria increase the chance this powerful skill is invoked in contexts where the user did not intend code generation, trading-skill scaffolding, external API usage, or publication workflows, which can lead to unsafe or excessive actions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The file explicitly documents a `--live` mode for a trading script that can execute real trades, but it does not pair that capability with a clear warning about financial risk, irreversible execution, or safeguards such as confirmation prompts. In a skill-builder context that generates installable trading skills, this omission increases the likelihood that users enable live trading without understanding the consequences, leading to unintended financial loss.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example explicitly describes autonomous trading behavior that fetches external signals and executes BUY/SELL actions, but it does not present a prominent warning that running the generated skill can place real trades and lose funds. In a skill-builder context, this is more dangerous because users may treat the example as a template and generate installable bots from natural-language prompts without appreciating that the output can auto-execute market orders.

Missing User Warnings

Medium
Confidence: 88%
Finding
The API reference shows a live trading configuration using a real venue and a real-looking API key prefix without any adjacent warning that this can execute trades with real funds. In a skill-builder context that generates installable trading automation, users may copy these examples directly, increasing the chance of unintended live-money trading and financial loss.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation names private-key environment variables required for real-money venues but does not warn about secure secret handling, storage, or exposure risks. In a code-generating trading skill, this omission can lead users or generated code to mishandle highly sensitive credentials, enabling account compromise and unauthorized trades if leaked.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.