Back to skill

Security audit

Orderly Sdk React Hooks

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Orderly trading SDK reference; its risky examples are visible and purpose-aligned, but users should add their own financial safety checks before using them with real funds.

Install only if you want a developer reference for Orderly React hooks. Treat the code samples as potentially live financial code: use testnet or sandbox first, pin and verify dependencies, and add explicit confirmations plus validation of symbol, size, price, token, chain, address, allowance, leverage, and withdrawal destination before using with real funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill includes copyable examples for placing, editing, and canceling live trading orders without any caution that these actions can execute real market transactions and cause financial loss. In a reference skill for trading hooks, omission of warnings increases the chance that users or downstream agents invoke these functions in production-like contexts without confirmation or environment checks.

Missing User Warnings

High
Confidence
97% confidence
Finding
The deposit and withdrawal examples demonstrate moving funds, approving token spend, and sending assets to an address/network without emphasizing irreversible consequences or the need to verify destination chain, token, and recipient. This is especially risky because users may copy the examples directly, and mistakes in address or network selection can lead to permanent loss of funds.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The TP/SL and leverage examples automate position changes and leverage adjustment without warning about liquidation risk, trigger misconfiguration, or unintended execution. In a trading SDK reference, these examples can normalize direct use of sensitive controls without risk disclosure or guardrails, increasing the chance of harmful automated trading behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.