Crypto Threshold Watcher

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto price alert skill, with the main caution that Telegram alerts may expose watchlist and strategy details to a third party.

Before installing, inspect or provide the referenced threshold-watcher.js script, confirm any hourly cron entry is wanted, and verify Telegram bot/chat settings. Avoid putting sensitive trading strategy notes in alerts unless you are comfortable sending them to Telegram, and keep any downstream trade execution behind explicit approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill states that alerts are delivered to Telegram DM automatically, which implies outbound transmission of trading signals, token interests, timestamps, and possibly user-authored notes to a third-party service. Without an explicit warning, consent flow, or description of what data leaves the system, users may unknowingly expose sensitive trading intent or operational metadata.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal