aster-bot-trading
Fail
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to clone a repository from an untrusted GitHub account: https://github.com/SignalBot-Labs/aster-bot.git. This repository is not recognized as a verified resource from a trusted vendor.
- [REMOTE_CODE_EXECUTION]: The installation process involves executing code from the external repository via npm install and npm run bot, allowing for arbitrary code execution from an unverified source.
- [COMMAND_EXECUTION]: The instructions guide the user to perform shell operations (git clone, npm install) that handle and execute code from a third-party organization.
Recommendations
- AI detected serious security threats
Audit Metadata