Security audit

Orderly Onboarding

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Orderly Network onboarding guide with expected setup and trading-development references, but users should review install commands and leveraged-trading risks before using it.

Before installing, review the npx/npm package names and source, prefer pinned versions and local installs where practical, and inspect any MCP or agent configuration changes. Use testnet first and understand that leveraged perpetual futures can cause rapid liquidation or loss of funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill promotes perpetual futures trading, leverage up to 50x, and gasless/one-click trading without any explicit warning about liquidation risk, loss of funds, or suitability concerns. In an onboarding skill for AI agents, this omission can encourage unsafe downstream guidance or automation around highly speculative financial activity.

VirusTotal

65/65 vendors flagged this skill as clean.
