Security audit

Cross Funding Arb

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto arbitrage bot, but it needs review because it can trade real futures accounts unattended and reuse local messaging credentials for financial notifications.

Install only if you intend to run an automated live crypto futures trader. Use testnet first, create restricted trading-only API keys with withdrawals disabled, set explicit small budgets instead of relying on full balances, protect the .env file, and review or disable Discord/Telegram fallback credential use before enabling cron.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill reads unrelated OpenClaw/ZeroClaw daemon configuration files from the user's home directory to discover Discord and Telegram credentials. This violates least privilege and allows the strategy to silently reuse secrets from other tools, broadening access beyond what a trading skill should need.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README clearly instructs users to run an automated live trading strategy on a recurring schedule against real exchange accounts, but it does not provide an explicit warning that the bot can place real orders, lose funds, incur liquidation, or malfunction under market/API failures. In the context of leveraged derivatives trading, this omission materially increases the chance that a user deploys the skill with real capital without understanding the financial risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation describes autonomous opening, closing, rollback, and monitoring of live exchange positions, but it does not prominently warn that real funds may be traded continuously using supplied credentials. In this context, insufficient warning is security-relevant because users may grant powerful API keys or private keys without understanding the operational and financial risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill requests highly sensitive credentials, including a private key and exchange API secrets, and instructs users to store them in a local .env file without clear guidance on protecting that file. If the host is shared, backed up insecurely, or permissions are lax, these credentials could be stolen and used to trade or withdraw depending on account settings.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The cron examples enable unattended execution every 5 minutes and daily reporting, but they do not clearly emphasize that the bot will continue trading automatically until disabled. For a strategy that can open and close positions on real exchanges, unattended scheduling materially increases risk from bugs, market changes, or credential misuse.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code harvests notification credentials from unrelated daemon configs without any user-facing disclosure or consent. In context, this is particularly dangerous because the skill also sends operational and portfolio details externally, enabling unauthorized use of existing messaging integrations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill transmits account balances, positions, APR, PnL, and risk events to Telegram and Discord without any clear user disclosure in the skill interface. Because this is an automated trading agent, these outbound messages can leak highly sensitive financial telemetry to third-party services and channels the user did not explicitly approve.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The document directs use of a third-party service (VarFunding) to source trading opportunities but does not warn users that strategy queries and market-selection context may be transmitted to an external provider. In a live trading/arbitrage skill, this creates privacy, dependency, and integrity risk because users may unknowingly rely on unverified off-platform data to drive exchange actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section describes automated live order placement, rollback, health checks, and automatic position closing across two exchanges without a clear user-facing warning that real funds can be committed and lost. In trading automation, omission of this warning is dangerous because users may enable the skill without understanding execution risk, slippage, API/account misconfiguration, or rapid loss scenarios during partial fills and exchange failures.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.