opentrade-dex-swap

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These links include an unknown GitHub org plus a direct raw shell script (raw.githubusercontent URL) and a short/private domain (6551.io) with instructions to curl|sh — a high‑risk pattern because executing an unverified .sh from an unfamiliar source can install arbitrary/malicious code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls opentrade CLI commands (e.g., "opentrade swap quote" and "opentrade swap liquidity") that ingest quotes, routing and token metadata aggregated from 500+ public DEX sources (and even pulls an installer from raw.githubusercontent.com/GitHub), and SKILL.md requires the agent to read fields like routerResult.dexRouterList, fromToken.isHoneyPot and priceImpactPercentage to decide whether to warn, block, approve, or execute trades, so untrusted third‑party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs at runtime: curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh — fetching and piping a remote script to sh (remote code execution) as the installer/upgrade path, which is a required runtime dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto DEX aggregator used to quote, approve, and execute token swaps across many chains. It provides commands to generate approval calldata, build swap transaction calldata (tx.to, tx.data, tx.value, tx.gas), and is an execution endpoint in workflows that result in on‑chain transfers (user signs and then broadcasts via opentrade-gateway). This is directly managing crypto transactions (wallet addresses, signing flow, swap execution), so it is specifically designed to move financial assets on blockchain networks.