Back to skill

Security audit

agentic-trader

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up an autonomous real-money options trader, but its unpinned remote installer and externally driven trade execution need careful review before use.

Install only if you are prepared to audit the GitHub repository and installer first, understand it can place real-money options trades, and are comfortable connecting a brokerage account and any payment/feed credentials. Use small, user-chosen limits and verify how to stop the agent before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.