Security audit

Yubit Exchange Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Yubit exchange skill, but it can place trades, change leverage, close positions, and transfer funds without a required user confirmation step for every write action.

Install only if you intend to let an agent operate a live Yubit account. Before using it, verify the @yubit/exchange-skill package and MCP server source, prefer the lowest-permission credentials available, and require explicit confirmation for every market order, leverage or mode change, position close, TP/SL change, batch action, and wallet transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger condition is extremely broad and can cause this skill to activate for nearly any mention of Yubit, even when the user did not clearly request exchange actions. In a skill that exposes order placement, leverage changes, position closing, and fund transfers, over-triggering increases the chance that high-impact financial tools are brought into scope prematurely and acted on from ambiguous prompts.

Vague Triggers

Medium
Confidence: 93%
Finding
Repeating the instruction to use the skill for 'anything on the Yubit exchange' reinforces an unconstrained activation rule without boundaries or disambiguation guidance. Because this skill includes powerful write operations, ambiguous invocation can turn casual or informational mentions into operational trading contexts, raising the risk of unintended financial actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly allows direct trading operations and wallet transfers but does not require an explicit user-facing warning or acknowledgement about financial risk and irreversible account impact before such writes. In a live exchange context, this omission makes socially engineered, accidental, or ambiguous requests more likely to result in real losses or unauthorized fund movement.

VirusTotal

65/65 vendors flagged this skill as clean.