Aevo Trading Skill

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking AEVO trading assistant, but it handles private trading credentials and can place real orders with some scoping and disclosure gaps users should review first.

Install only if you intentionally want an AI agent connected to AEVO trading. Prefer testnet or read-only credentials first, independently verify the MCP server or hosted endpoint, avoid wallet private keys unless absolutely necessary, clear credentials after use, and manually review every order, cancellation, leverage change, and strategy execution before confirming.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The README explicitly promotes order execution, bracket orders, and trading strategies, but it does not clearly warn that these actions can affect real funds, create live market exposure, and may be difficult or impossible to reverse once submitted. In a trading skill, that omission increases the chance that users treat the integration like a harmless analytics tool and trigger unintended financial loss.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README instructs users to place API secrets and a private signing key directly into client configuration examples without any visible warning about secret handling, storage risk, access control, or the consequences of exposing a signing key. Because these credentials can enable account access and live order signing, disclosure could lead to unauthorized trading or account compromise.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Triggering solely because AEVO MCP tools are connected is ambiguous and unsafe, because tool availability does not imply the user wants this trading skill engaged. Given this skill can authenticate, inspect portfolios, and execute or cancel orders, accidental activation raises the risk of overreach into sensitive financial operations and increases the chance of socially engineered trade actions.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Triggering solely because AEVO MCP tools are connected is ambiguous and unsafe, because tool availability does not imply the user wants this trading skill engaged. Given this skill can authenticate, inspect portfolios, and execute or cancel orders, accidental activation raises the risk of overreach into sensitive financial operations and increases the chance of socially engineered trade actions.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The example gives concrete trading recommendations such as directional bias, perp positioning, and options strategies without any balancing warning about financial risk, suitability, or that the content is not financial advice. In a trading skill, this context makes the omission more dangerous because users are likely to treat the output as actionable investment guidance and may incur losses by following it directly.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The document explicitly instructs users to execute live trades by setting `dry_run=false` and describes closing or cancelling live order legs, but it does not include any warning about financial loss, irreversible execution, or the need for explicit user confirmation before placing orders. In a trading skill connected to real exchange tooling, this omission increases the chance that an agent or user will move from planning to real execution without appreciating the risk, which can cause immediate monetary loss.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation explicitly exposes parameters for highly sensitive secrets such as wallet_private_key, signing_key_private_key, api_key, and api_secret, and says the authenticate tool stores credentials for later use, but it does not provide a prominent warning about the risks of sharing, persisting, or mishandling those secrets. In an agent skill context, this is dangerous because users may paste live private keys into an AI-connected tool session without understanding storage scope, retention, logging, or downstream exposure, which could lead to full account compromise and irreversible asset loss.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The registration flow states that returned credentials are auto-stored if store_credentials=true, and that parameter defaults to true, but the documentation does not clearly warn that newly issued API credentials may be persisted automatically. In a trading skill that can place and cancel real orders, silent default storage materially increases the risk of credential retention, accidental reuse, session cross-contamination, and compromise of a live trading account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal