Binance Funding Rate Monitor (币安资金费率监控)

Security checks across malware telemetry and agentic risk

Overview

This paid Binance monitoring skill includes undisclosed leveraged trading code and asks for sensitive exchange credentials without enough safety guidance.

Review this skill carefully before installing. Use only a dedicated Binance API key restricted to read-only/account-query access, with trading and withdrawals disabled and IP restrictions enabled where possible. Do not install it as a monitoring-only tool unless the trading/rebalance code is removed or the publisher clearly reclassifies it as an automated futures trading tool with explicit consent and risk controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill requires sensitive Binance API credentials and appears to use network access, yet no explicit permissions are declared. This creates a transparency and consent problem: users may provide high-value trading credentials to a skill without clear disclosure of what external access it needs or how those credentials are used.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a serious description-behavior mismatch: the skill is presented as a monitoring/reporting tool, but the detected behavior includes leveraged futures trading, position opening/closing, stop-loss handling, and full arbitrage rebalancing logic. In the context of Binance API credentials, hidden trading capability can directly cause unauthorized trades, financial loss, liquidation risk, and user deception.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest presents this as a monitoring tool, but the code places leveraged futures orders, sets leverage, and closes positions automatically. This is a dangerous capability mismatch because a user or platform may grant the skill access expecting read-only monitoring, while the skill can directly move funds and create financial exposure.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill loads Binance API credentials capable of authenticated account access despite being described as a monitor-only tool. In context, this increases risk because users may provide high-privilege keys under misleading expectations, enabling unauthorized balance queries and order execution if the code path is triggered.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The module docstring explicitly describes a funding-rate arbitrage strategy, which contradicts the marketplace description of a monitoring utility. This deceptive or careless packaging undermines informed consent and makes the hidden trading behavior more dangerous because the surrounding context suggests passive observation rather than active execution.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to place Binance API credentials in environment variables but does not warn that these are highly sensitive secrets that can grant account visibility and potentially trading or withdrawal capabilities depending on API key scope. In the context of a paid third-party monitoring skill, this is more dangerous because users are being encouraged to connect real exchange accounts without documentation on minimum permissions, secure storage, or the risk of exposing secrets to the skill runtime or logs.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill transmits session/payment identifiers to a third-party payment endpoint on each tool call, but the code provides no explicit user-facing notice or consent mechanism for that data sharing. In a financial-monitoring skill, undisclosed transmission of billing/session metadata increases privacy and trust risk, especially because it happens before any requested account action is performed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manifest requires Binance API credentials, including an API secret, but does not clearly warn users that the skill will access sensitive exchange account data. In a financial/trading context, requesting exchange credentials materially increases risk because users may provide high-privilege keys without understanding the account exposure or recommended permission restrictions.

VirusTotal

66/66 vendors flagged this skill as clean.
