Security audit

Prediction Fair Value Template

Security checks across malware telemetry and agentic risk

Overview

This trading skill is mostly coherent, but it can run on a schedule and performs account-changing auto-redemption even during dry-run use.

Install only if you are comfortable with a scheduled trading helper that may redeem positions automatically. Use a dedicated low-balance account or wallet, avoid providing WALLET_PRIVATE_KEY unless necessary, and prefer changing the skill so auto-redeem requires an explicit flag and is disabled during dry-run mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation declares use of sensitive environment variables such as SIMMER_API_KEY and WALLET_PRIVATE_KEY, but the finding indicates no corresponding permissions are declared. In an agent ecosystem, missing permission declarations weaken transparency and policy enforcement, making it easier for a skill to access secrets without clear user consent or review expectations.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill performs client.auto_redeem() automatically at startup before scanning markets, which causes live account state changes unrelated to the core stated function of identifying fair-value trades. Because redemption is unconditional and not gated by a separate opt-in or confirmation, a user running the skill for analysis or dry-run trading may trigger unintended transactions on their account.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The main flow invokes run_auto_redeem(client) even though the skill is presented as a fair-value market scanner/trader, expanding its authority beyond the advertised purpose. This capability mismatch is dangerous because operators may grant API access expecting only trade evaluation, while the skill also performs portfolio-management actions that can realize positions or alter balances unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Auto-redeem is executed without an immediate user-facing disclosure at the point of action, so even a dry-run invocation can still perform live account operations. In a trading skill context, hidden live side effects are especially risky because users may reasonably assume only market scanning occurs unless live trading is enabled.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.