opentrade-gateway
Fail
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs the agent to install and maintain the 'opentrade' CLI tool by executing a remote script directly in the shell using the command `curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh`. This pattern is highly susceptible to supply chain attacks, as it bypasses verification of the script's content before execution.
- [EXTERNAL_DOWNLOADS]: The skill depends on fetching external shell scripts from the '6551Team/openskills' repository on GitHub for its core setup and version management.
- [COMMAND_EXECUTION]: The skill makes extensive use of local shell command execution via the 'opentrade' CLI to perform blockchain operations such as gas estimation, transaction simulation, and broadcasting.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata