opentrade-gateway

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires constructing CLI commands that include user-provided signed transactions (and shows examples of embedding tokens like OPEN_TOKEN), which forces the agent to handle and potentially output sensitive secret values verbatim (high exfiltration risk).

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These links point to an unknown domain (6551.io) and a raw GitHub install.sh that the prompt explicitly runs via curl | sh — a high‑risk pattern (remote, unverified shell execution and a small/unknown GitHub account) that can distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and running an installer from raw.githubusercontent.com (curl ... | sh) in Pre-flight and requires running "opentrade trade routers" to retrieve external router/api values (from the OpenTrade service) which the agent must parse and use for all subsequent commands, so it consumes untrusted third-party content that can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs at runtime curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh to install/update the CLI, which fetches and executes remote code and is required by the skill's pre-flight checks.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and primarily a blockchain transaction gateway: it offers commands to broadcast signed transactions, simulate/send transactions on-chain, estimate gas/gas limits, and track orders across many chains (Ethereum, Solana, BSC, Arbitrum, Polygon, etc.). It includes a dedicated "broadcast --signed-tx" command and workflow examples that take a signed transaction and send it on-chain ("final mile" broadcast). Although it does not sign transactions itself, broadcasting signed txs is an explicit crypto financial execution action (moves on-chain value). This is a specific crypto/blockchain execution tool, not a generic API/browser utility.