Back to skill

Security audit

Stove Taker Api

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Stove trading API helper, but it can perform live order actions with production credentials and lacks strong safeguards against accidental use or credential exposure.

Install only if you intend to let an agent access Stove Taker APIs. Use test credentials first, prefer least-privilege production keys, avoid passing real keys on command lines or in WebSocket URLs, and require explicit user approval before any live lock, unlock, fill, reject, or cancellation-result action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The documentation explicitly recommends placing the API key in the WebSocket URL query string for browser use. Query parameters are commonly exposed through browser history, logs, reverse proxies, monitoring tools, referrer leakage patterns, and support/debug artifacts, so this increases the chance of credential disclosure even when TLS is used. In this skill context, the API key grants access to a taker trading API, so credential leakage could enable unauthorized access to order status, cancellation flows, and related trading actions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The document describes a live order-fill endpoint that executes a real transaction using API-key-authenticated taker credentials, but it does not warn users that invoking it can cause irreversible trading activity and fees. In an agent skill context with network permission, this omission increases the risk of accidental execution by users or downstream automation treating the example as harmless reference material.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The example shows `api_key=<your-api-key>` in the WebSocket query string without any warning about exposure risks. This is a true security issue because developers often copy documentation verbatim, leading to secrets being embedded in URLs that may be retained or logged by multiple components. Because this skill operates on a financial/trading API, misuse of a leaked key could expose sensitive order data or allow unauthorized interactions with taker workflows.

External Transmission

Medium
Category
Data Exfiltration
Content
## Request Example [​](#request-example)

```bash
curl -X POST "/api/v1/orders/fill" \
     -H "X-API-Key: YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{
Confidence
80% confidence
Finding
curl -X POST "/api/v1/orders/fill" \ -H "X-API-Key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.