opentrade-dex-swap

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are high-risk: an unfamiliar domain (6551.io) plus a curl | sh installer pattern pointing to a raw GitHub-hosted install.sh from an untrusted/unknown GitHub org are classic red flags for malicious or unwanted code distribution unless you audit the repo and script first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md shows runtime commands that fetch and consume public third-party data (e.g., "opentrade trade routers" and "opentrade swap quote" which return dexRouterList, isHoneyPot, taxRate, router info) and also installs/updates via curl from raw.githubusercontent.com—these external, untrusted sources are read and directly influence routing, safety checks, and subsequent commands (e.g., blocking trades, choosing trader/api flags).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight/install and update steps instruct running curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh at runtime, which fetches and immediately executes remote shell code and is presented as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto DEX aggregator built to perform token swaps and produce/broadcast transactions. It defines specific commands for quote, ERC-20 approve, and swap (opentrade swap swap) including parameters like --wallet, --amount, --slippage, and returns tx calldata/tx fields for signing and broadcasting. It aggregates liquidity, supports slippage/price-impact checks, and integrates with an opentrade-gateway to broadcast signed transactions. This is directly designed to move funds on blockchains (wallets, swaps, signing, broadcasting), i.e., direct financial execution.