Security audit

Scalping

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading-strategy template with financial risk warnings, not an auto-running or hidden-access skill.

Install only if you want a speculative crypto scalping template for study or adaptation. Do not deploy the included futures strategy as-is; test, tune, and understand the exchange, margin, fee, and loss risks before using it with real funds.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill description uses broad trigger phrases such as 'scalping', 'momentum bursts', and '5-minute strategy' without clear boundaries, which can cause an agent to invoke this skill for loosely related trading requests. In an automated assistant, ambiguous routing can result in inappropriate or unsafe strategy recommendations being surfaced in contexts where the user did not ask for this specific high-risk futures template.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The 'When to use' section relies on informal natural-language cues like 'fast in/out' and 'buy when volume spikes' that overlap with ordinary market discussion. This increases the chance of misclassification and accidental invocation, which is more concerning here because the skill contains executable trading logic for leveraged futures and could steer users toward a known-unprofitable high-turnover strategy.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal