xaut-trade
Fail
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup script (scripts/setup.sh) and onboarding guide (references/onboarding.md) include a command that downloads a script from https://foundry.paradigm.xyz and pipes it directly to bash. This represents a significant security risk as it executes code from a remote source with shell privileges without prior local verification.
- [EXTERNAL_DOWNLOADS]: During environment initialization, the skill performs automated downloads of Node.js dependencies from the npm registry and fetches Ethereum toolchain binaries via the foundryup command.
- [COMMAND_EXECUTION]: The skill makes extensive use of local shell commands and Node.js subprocesses to interact with the blockchain and manage configuration, specifically invoking node scripts/swap.js, node scripts/limit-order.js, and the cast CLI.
- [DATA_EXFILTRATION]: The skill reads local sensitive files including ~/.aurehub/.env, encrypted WDK vaults, and password files to manage Ethereum credentials. Additionally, it provides an opt-in feature to share the user's wallet address and nickname with a remote rankings server at xaue.com upon successful trade execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://foundry.paradigm.xyz - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata