Ccxt Crypto Api

Security checks across malware telemetry and agentic risk

Overview

This skill is a high-impact finance automation guide with real trading capabilities, but its crypto scope is mixed with unrelated A-share/ZVT stock workflows and unclear safety boundaries.

Review carefully before installing. Treat this as capable of guiding real crypto account actions, use read-only or testnet credentials first, never grant withdrawal permission unless absolutely required, require explicit confirmation for every live order or lending action, and resolve the ZVT/A-share documentation mismatch before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The skill is presented as a crypto-exchange trading interface, but the user guidance redirects into A-share/HK stock providers, backtesting, and stock entity formats. In a trading-capable skill, this inconsistency can cause the agent to select the wrong workflow, produce invalid orders, or operate on unintended markets, increasing the chance of harmful financial actions.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The 'What I'll Ask You' section contradicts the declared purpose of the skill by steering users toward stock-market data sources, stock symbols, and backtest parameters. Because this skill can affect exchange accounts and orders, contradictory prompts materially raise the risk of unsafe automation, user confusion, and execution in the wrong financial domain.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The human-facing summary describes a different skill domain than the manifest: ZVT-based A-share/HK/crypto quant research and backtesting instead of a CCXT crypto exchange API wrapper. This kind of semantic mismatch can mislead users and downstream agents into invoking the skill for unintended tasks, causing unsafe actions, incorrect automation, or misuse of trading capabilities under false assumptions about what the skill actually does.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The tagline explicitly claims the skill helps build A-share quant strategies with ZVT, directly contradicting the declared CCXT crypto exchange API purpose. In an agent setting, this can trigger wrong tool selection and unsafe financial workflows, especially where account-connected trading or market actions depend on accurate scope descriptions.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The listed prompts ask for stock-market providers, backtest periods, and target stock entities, which are inconsistent with a crypto exchange API skill. This can steer users or orchestrating agents into supplying irrelevant or sensitive financial inputs and can produce incorrect execution paths or decisions based on a false understanding of the skill's capabilities.

Description-Behavior Mismatch

Severity: Critical
Confidence: 99%
Finding:
The seed content materially contradicts the declared skill identity: the metadata says this is a CCXT crypto exchange API skill, but large portions of the file operationalize a ZVT-based A-share/backtesting workflow with different preconditions, pipelines, validators, and user messaging. This kind of semantic mismatch is dangerous because users or host agents may invoke the skill under false assumptions, causing execution of unintended finance workflows, wrong dependencies, and potentially unsafe trading or data operations in the wrong domain.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The user-facing sections explicitly tell users the skill builds A-share quant strategies with ZVT, directly conflicting with the CCXT crypto API manifest. In a trading context, misleading operator guidance is security-relevant because it can drive users into executing the wrong workflows, installing the wrong packages, or trusting constraints and safeguards that do not apply to the actual code path.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The execute trigger matches broad intent terms plus common action verbs like run, execute, fetch, and collect, making accidental invocation plausible. In a skill that supports trading and lending operations, unintended activation can lead to unnecessary account access, market actions, or generation of risky automation steps without sufficiently specific user consent.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The skill advertises order management, balance monitoring, and automated lending, but does not clearly warn users that it may perform real account-affecting financial operations. For a trading skill, omission of explicit warnings and safety boundaries increases the risk that users invoke live trading or lending unintentionally, with direct monetary consequences.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The invocation language is broad ('Just tell me what you want; I'll write the code') and paired with mismatched domain claims, which increases the chance that an agent will activate the skill for tasks outside its intended scope. In a trading context, overbroad activation raises the risk of unintended automation, code generation, or execution paths that users did not mean to trigger.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The execution trigger activates on broad action verbs like run/execute/fetch/collect combined with common intent terms, which can overlap with normal conversational requests. That increases the risk of unintended skill activation, especially for a high-impact finance skill capable of trading, balance access, and data operations.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding:
The post-install prompt encourages broad natural-language triggers like 'try X' or 'what else can you do?', which can train users and host systems toward ambiguous activation patterns. In a finance/trading skill, ambiguous triggers increase the chance of accidental invocation of sensitive workflows or mismatched use cases.

VirusTotal

66/66 vendors flagged this skill as clean.
