meme-trench-scanner

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/scan_live.py employs subprocess.run with shell=True to execute a cleanup command (lsof -ti:{port} | xargs kill -9) for the dashboard port. Executing shell commands through a string-based interface is a security risk as it can lead to command injection if the port value is manipulated.
  • [COMMAND_EXECUTION]: Multiple functions across scripts/scan_live.py and scripts/risk_check.py utilize subprocess.run to call the onchainos command-line interface for wallet management, market data retrieval, and trade execution.
  • [EXTERNAL_DOWNLOADS]: In scripts/scan_live.py, the _check_onchainos function outputs a suggested command for the user to install the required CLI tool via curl -fsSL https://onchainos.com/install.sh | bash. This pattern of piping a remote script directly to a shell is a common but sensitive installation method that requires high trust in the source's infrastructure.
Recommendations
  • HIGH: Downloads and executes remote code from: https://onchainos.com/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 8, 2026, 01:37 PM