Bartrd

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent Bartrd integration that can change your Bartrd account or spend credits only after user confirmation.

Install only if you trust Bartrd with an API key for your account. Store BARTRD_API_KEY in a secure environment or secrets configuration, do not commit or share it, and review trade details, match IDs, and credit costs before confirming any account-changing action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The README instructs users to generate and configure an API key but provides no guidance on secure handling, such as avoiding commits to source control, storing secrets in a dedicated secret manager, or limiting key exposure. This can lead to accidental credential leakage, which is especially relevant here because the key appears to authorize account actions such as posting offers, accepting matches, and spending credits on AI-generated work.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal