Arbiscan

Security checks across malware telemetry and agentic risk

Overview

ArbiScan is a disclosed read-only crypto market scanner that uses public exchange APIs and does not handle keys or place trades.

Safe to install as a market-data scanner, but treat its outputs as informational trading signals only. Do not let another exchange or executor skill place trades from these results without explicit review, sizing, liquidity/slippage checks, and confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 85%
Finding
The README explicitly promotes chaining this read-only market scanner with exchange trading skills to automatically act on detected opportunities, but it does not include any warning about the risks of autonomous trade execution. This can mislead users or downstream agents into treating scanner output as safe-to-execute signals, increasing the chance of financial loss, unintended orders, or unsafe cross-skill automation.

VirusTotal

66/66 vendors flagged this skill as clean.
