Dca Weekly

Security checks across malware telemetry and agentic risk

Overview

This is a plain documentation skill for building a scheduled crypto-buying strategy, and its financial risk is real but clearly tied to its stated DCA purpose.

Install only if you understand that this helps create automated trading logic. Before using it with real funds, set a maximum total budget, review the number of scheduled buys, decide how and when positions will be exited, and be especially cautious with futures, margin, or cross-margin settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly recommends a strategy with effectively disabled exits (`minimal_roi = {"0": 100.0}`, `stoploss = -0.99`, and typically no exit trend), but it does not present a prominent upfront warning that exposure can grow indefinitely over time. In a trading-automation skill, omission of that warning is dangerous because users may deploy the strategy believing it is a routine scheduled-buy template rather than an intentionally persistent accumulation strategy with substantial drawdown and capital-allocation risk.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal