Security audit

Trading DevBox POC

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a trading prototype, but it exposes live deployment and wallet creation without enough user-facing safety controls.

Review before installing. Treat this as capable of real trading or wallet-related actions unless the publisher documents otherwise. Prefer using it only in paper/sandbox mode, do not fund any generated wallet until key storage is clear, and require explicit confirmation before any live deployment or use of USDC.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers
Severity: Medium
Confidence: 93%
Finding: The skill advertises broad natural-language control over backtesting and deployment without clear scope boundaries or confirmation requirements. In an agent setting, vague invocation semantics can cause accidental activation of sensitive actions, especially when deployment to live trading is exposed alongside ordinary conversational usage.

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The usage guidance says to 'just describe your trading idea,' which is overly permissive and sets no boundary between analysis and execution. This increases the chance that ambiguous user language is interpreted as authorization to perform consequential actions rather than merely to draft or simulate a strategy.

Missing User Warnings
Severity: High
Confidence: 97%
Finding: The skill description explicitly includes live strategy deployment but provides no warning about financial loss, automated order execution, or irreversible market actions. Because the skill is user-invocable and framed as natural-language driven, users may not appreciate that casual prompts could lead to real-world trading consequences.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: Stating that a wallet is auto-generated on first run with zero user interaction introduces custody, privacy, and authorization concerns without explaining how keys are stored, who controls them, or what funds may be exposed. Silent creation of financial accounts can surprise users and undermine informed consent, particularly in a trading context.

Missing User Warnings
Severity: High
Confidence: 98%
Finding: The deploy example '上线,100 USDC' (literally "go live, 100 USDC") demonstrates committing capital without any adjacent warning, confirmation language, or indication that this may be a real-money action. In practice, examples strongly shape user behavior, so presenting live-capital deployment as a normal conversational step increases the risk of accidental or uninformed trading execution.

VirusTotal

66/66 vendors reported this skill as clean.