opentrade-gateway
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes remote code by downloading an installation script from https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh and piping it directly to `sh`. This pattern is used for initial setup, periodic updates, and error recovery in `SKILL.md`.
- [EXTERNAL_DOWNLOADS]: The skill fetches the `install.sh` component from a GitHub repository. Although the repository belongs to the vendor '6551Team', retrieving and running executable scripts from external URLs without checksum verification is a security risk.
- [COMMAND_EXECUTION]: The skill utilizes several local shell commands to manage its state and perform blockchain operations, including `which opentrade` to verify installation, `cat` and `date` to manage update intervals, and multiple subcommands of the `opentrade` CLI for gas estimation and transaction broadcasting.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
Audit Metadata