smart-money-signal-copy-trade
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the blockchain by executing the `onchainos` CLI through `subprocess.run`. Arguments are passed as a list rather than a single string, which effectively prevents shell injection vulnerabilities. This execution is central to the skill's functionality for signal tracking and trade execution.
- [DYNAMIC_EXECUTION]: Implements a hot-reload mechanism using `importlib.reload` for the local `config.py` file. This allows for real-time parameter adjustments without restarting the bot, which is a standard and acceptable practice for this type of application.
- [SAFE]: The integrated monitoring dashboard binds to the local loopback interface (`127.0.0.1:3248`), ensuring that the web interface is only accessible from the host machine and is not exposed to the network.
- [SAFE]: Includes a robust `risk_check.py` module that performs multi-layered security scans on tokens (detecting honeypots, high taxes, and developer rug history) before any trade is executed, significantly reducing the risk of participating in malicious on-chain activities.
- [SAFE]: The skill provides a structured interactive protocol for the AI agent, ensuring that users are presented with risk disclosures and must provide explicit consent before switching from paper trading to live mode.
Audit Metadata