Security audit

Trade Thesis

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent pre-trade checklist, but users should treat it as risky financial decision support rather than trading permission.

Install only if you want an agent to help structure pre-trade analysis. Do not treat the output as financial advice, and require explicit user approval before using real funds or deploying any live strategy, especially when position sizing or stoploss recommendations are produced.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly frames itself as a prerequisite before live deployment and provides actionable guidance for entering real-money trades, sizing positions, and setting stoplosses, but it does not require a clear user-facing warning that trading can cause financial loss and that outputs are informational rather than fiduciary advice. In an agent setting, this can normalize autonomous or semi-autonomous execution of risky trades without adequate consent, risk disclosure, or operator friction.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal