opentrade-market

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The links include an unknown GitHub repo plus a raw.githubusercontent .sh installer and an opaque 6551.io domain referenced in a "curl | sh" install flow—directly piping and running an unvetted shell script from an unfamiliar source is a high-risk distribution pattern for malware.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content contains high-risk supply-chain and remote-execution patterns: it repeatedly instructs executing a remote install script via "curl ... | sh" (including automatic reinstall/update on failures and stale cache), advises suppressing routine command output (hiding installer output), and encourages storing an API token in a .env — together these enable remote code execution, hidden payload delivery, and potential credential exfiltration, consistent with backdoor/supply-chain abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls public on-chain and community sources (e.g., opentrade market signal-list, memepump-tokens, memepump-token-details which return token metadata and social URLs like social.website/social.telegram and token logos) and the documented workflows require the agent to read those results and reuse returned token addresses to make trading decisions, so untrusted third-party content can materially influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight/install steps run curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh at runtime, which fetches and immediately executes remote code and is used as a required installer/update dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run remote installation scripts (curl ... | sh), read/write local config files (~/ .opentrade/last_check, create .env), and reinstall software—actions that modify the host filesystem and can execute arbitrary code, so it pushes changes to the machine state and is a security risk.