smart-money-signal-copy-trade
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate Solana trading bot with extensive safety logic located in risk_check.py. It includes comprehensive risk disclosures and requires explicit user confirmation before enabling live trading.
- [COMMAND_EXECUTION]: The bot interacts with the onchainos CLI using the subprocess module. These interactions are implemented securely using argument lists, which prevents command injection vulnerabilities.
- [PROMPT_INJECTION]: The SKILL.md instructions guide the AI agent through a structured interaction protocol with the user. No attempts to override safety filters or extract system prompts were found.
- [EXTERNAL_DOWNLOADS]: No external code or scripts are downloaded at runtime. The skill utilizes the Python standard library and the pre-installed onchainos CLI.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data transmission. The skill hosts a local dashboard on localhost:3248, but this is bound to the loopback interface and is used only for displaying trade status to the local user.
- [CREDENTIALS_UNSAFE]: The skill does not store or hardcode private keys or API tokens. It uses the onchainos Agentic Wallet, which keeps signing keys within a secure Trusted Execution Environment (TEE).
Audit Metadata