Yield Strategy Advisor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stablecoin-yield advice helper that uses Barker’s public API, with no hidden code, installer, persistence, wallet access, or transaction authority.

Install only if you are comfortable using Barker’s public API for live stablecoin yield lookups. Avoid sharing wallet addresses, account credentials, or exact portfolio details unless you intentionally want them included in the conversation; treat recommendations as educational and verify risks before moving funds.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to send user-derived preferences such as preferred stablecoin or chain to Barker's external API, but it does not explicitly disclose that this information may be transmitted to a third party or request user consent. While the data is not highly sensitive by itself, investment interests and asset preferences can still be privacy-relevant and create unnecessary external exposure.

External Transmission

Medium

Category: Data Exfiltration
Content: Call the Barker API for current opportunities: ``` GET https://api.barker.money/api/public/v1/stablecoin-yields?sort=apy&limit=50 ``` Filter results by the user's preferred stablecoin or chain if specified.
Confidence: 96% confidence
Finding: https://api.barker.money/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal