Stablecoin Depeg Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent and non-executable, but its stablecoin safety labels appear stronger than the documented data source can support.

Install only if you are comfortable with Barker being used as a third-party market data source. Treat the skill's peg status as informational and verify live prices and liquidity with independent DEX/CEX or issuer sources before making financial decisions, because the documented API data does not clearly support the skill's price-deviation thresholds.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill directs the agent to call a third-party API for live checks without requiring a user-facing disclosure or consent step. Even though the documented endpoint takes no parameters, invoking an external service can still transmit metadata such as IP address, timing, user-associated context, or inferred interest in specific assets to Barker, creating a privacy and transparency risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal