opentrade-market

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious — an unknown domain (6551.io) plus a GitHub repo that links to a raw shell script intended to be curl|sh'd is high-risk: piping remote .sh into a shell executes arbitrary code and is a common malware/vector, and the sources lack clear, well-known provenance or community vetting.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.85). High-risk supply-chain/backdoor patterns: the skill repeatedly instructs running a remote installer via curl | sh (remote arbitrary code execution) for installs/updates and automatic reinstalls on errors, explicitly tells the CLI output to be suppressed (helping conceal actions), and relies on a local .env API token — combinations that enable silent remote code execution, stealthy updates, and easy credential exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (e.g., Workflow C/D/E) and commands such as "opentrade market signal-list", "opentrade market memepump-tokens", and "opentrade market memepump-token-details" explicitly fetch public on-chain/token metadata and social/website URLs from open third‑party sources and then use those results to drive follow-up decisions (including buys), which exposes the agent to untrusted, user-generated third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs a remote installer at runtime using curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh, which fetches and executes remote code and is required for installation/updates.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill repeatedly instructs the agent to run system commands that install/update software via a remote "curl | sh" script and to create/read files (e.g., ~/.opentrade/last_check, project .env), which actively modify the host filesystem and can run arbitrary remote code, so it directs actions that compromise machine state.