deploy
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill performs a complete reinstallation by downloading a shell script from the author's repository and piping it directly to bash (curl | bash). This pattern allows for the execution of remote code that is not contained within the skill itself and may change over time.
- [COMMAND_EXECUTION]: Includes multiple commands requiring elevated privileges via sudo to manage systemd services, restart processes, and access system-level logs.
- [DATA_EXFILTRATION]: Exposes specific server infrastructure details including the target IP address (139.180.157.152) and the path to sensitive environment configuration files (~/.env.aitrader) that likely contain API keys or private credentials.
- [COMMAND_EXECUTION]: Configures and manages a systemd service unit to establish persistence for the trading bot, ensuring it starts automatically and restarts on failure.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/FelixWayne0318/AItrader/main/reinstall.sh - DO NOT USE without thorough review
Audit Metadata