Is azep-ninja/tator-trader safe?
https://github.com/openclaw/skills/tree/main/skills/azep-ninja/tator-trader
This skill is a comprehensive API documentation file for the Tator AI Trading API, a cryptocurrency transaction builder service. It contains no executable code, no install-time risks, and no prompt injection payloads. The primary concerns are inherent to its financial nature: code examples normalize private key access from environment variables, all operations depend on a single external service, and automated signing patterns could bypass human transaction review. The skill includes unusually thorough security documentation with a transaction verification checklist.
Category Scores
Findings (9)
MEDIUM Code examples normalize private key access from environment variables -15 ▶
Multiple wallet integration patterns (Patterns 1-4) show loading private keys via process.env.PRIVATE_KEY and process.env.SOLANA_PRIVATE_KEY. While the security section explicitly warns 'NEVER share private keys', the extensive code examples create a behavioral pattern that could lead an agent to access cryptographic secrets from the user's environment.
MEDIUM Overly broad trigger scope captures wide range of user queries -12 ▶
The skill description defines 12+ trigger phrases covering buying, selling, swapping, bridging, sending, wrapping, perpetuals, prediction markets, token launching, name registration, and yield management. This aggressive scope means the skill would be activated for nearly any crypto-related conversation, potentially overriding more appropriate or safer skill handling.
MEDIUM Wallet address and agent identity sent to external API -13 ▶
Every API call to x402.quickintel.io transmits the user's walletAddress and a provider identifier. While necessary for the service to function, this creates a tracking vector linking wallet addresses to specific agent instances. The external service could correlate wallet activity across requests.
MEDIUM Cross-skill references enable financial operation chaining -8 ▶
The skill explicitly references quickintel-scan, token-launcher, and sponge-wallet skills, and provides a complete 'Scan Then Buy' code example combining multiple skills. This cross-referencing could enable automated multi-step financial pipelines with reduced human oversight at each stage.
LOW Multiple external URLs referenced for agent to interact with -5 ▶
The skill references several external URLs (x402.quickintel.io, docs.quickintel.io, quickintel.io, x402.org, frames.ag, api.wallet.paysponge.com, heyvincent.ai) that an agent may be instructed to fetch or interact with. While these are legitimate service endpoints, they expand the trust boundary.
LOW Automated transaction signing patterns risk bypassing human review -20 ▶
While the skill includes a thorough Transaction Verification Checklist and recommends human-in-the-loop confirmation, the code examples show fully automated signing workflows. An agent following these patterns programmatically could sign and broadcast transactions without meaningful human review, especially in chained operations.
LOW Single external service dependency for all trading operations -25 ▶
All trading functionality routes through x402.quickintel.io. If this service were compromised, it could return malicious transaction calldata (e.g., draining approvals, sending funds to attacker addresses). The skill's verification checklist mitigates this but relies on the agent or user actually performing checks.
INFO No executable code or install-time risks -5 ▶
The skill contains only documentation files (SKILL.md, _meta.json, lock.json). No package.json, no npm scripts, no git hooks, no submodules, no symlinks, no binary files. Installation is clean with no code execution.
INFO Clean installation with no suspicious activity 0 ▶
Installation monitoring detected only expected system activity: JIT cache writes in /tmp/jiti/, DNS lookups, GitHub clone traffic, and standard Ubuntu system services. No connections to skill-related external endpoints during install.