octobot-stack

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The octobot-tentacles-manager component provides a CLI and API for installing 'tentacles' (plugins) directly from remote URLs (--url https://example.com/package.zip). Since tentacles are executable Python packages, this creates a direct path for arbitrary code execution if a user is directed to a malicious source.
  • EXTERNAL_DOWNLOADS (HIGH): The manager allows downloading and unzipping code packages into the application's runtime directory. This bypasses traditional package management (pip/npm) and allows unverified code to be loaded into the bot's core execution flow.
  • INDIRECT PROMPT/DATA INJECTION (HIGH): The system includes 'Social Evaluators' (e.g., Twitter sentiment analysis) and 'Webhook Services' (e.g., TradingView signals).
      • Ingestion points: TwitterSentiment (Twitter API), WebhookService (HTTP POST payloads).
      • Boundary markers: None identified; payloads are parsed as JSON and passed directly to logic.
      • Capability inventory: create_order, fetch_balance, and create_market_order in the trading engine.
      • Sanitization: While documentation suggests token authentication for webhooks, the evaluation logic itself (e.g., sentiment scoring) is susceptible to data poisoning which can trigger unintended trades.
  • CREDENTIALS_UNSAFE (MEDIUM): The framework relies on user/config.json and environment variables (OCTOBOT_BINANCE_API_KEY) to store highly sensitive exchange API keys and secrets. While necessary for operation, these are stored in plain text or environment memory, making them primary targets for exfiltration if the system is compromised.
  • COMMAND_EXECUTION (MEDIUM): The system provides extensive tooling for CCXT transpilation and development tasks that involve running shell commands. If any part of the command generation process (e.g., exchange names) were influenced by untrusted metadata, it could lead to command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 08:15 AM