Binance Exchange

Security checks across malware telemetry and agentic risk

Overview

This skill performs read-only Binance market-data lookups, but users should pay attention to its proxy guidance before using it.

Install only if you are comfortable using Binance market-data endpoints through the configured proxy. Use a proxy you control or trust, check that this complies with your local rules and Binance terms, and avoid downloading any missing helper scripts from untrusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs users to route Binance API traffic through proxy nodes in specific foreign regions to bypass regional restrictions, without any user consent, policy gating, or compliance warning. That creates a real policy and security concern because it normalizes geo-circumvention and could expose users to legal, compliance, and traffic interception risks through third-party proxy infrastructure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal