rwa-trade
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes a setup command that downloads a shell script from a remote GitHub repository and executes it immediately using the bash interpreter (curl -fsSL https://raw.githubusercontent.com/outputlayer/rwa_cli/main/install.sh | bash). This allows for the execution of unverified code on the user's system.
- [CREDENTIALS_UNSAFE]: The workflow requires the agent to display sensitive cryptographic wallet keys in the output (rwa keys show). This exposes private credentials to the agent's context, where they could be logged, stored, or leaked.
- [COMMAND_EXECUTION]: The skill frequently executes shell commands to perform high-stakes financial operations on the Solana blockchain. These operations are performed using a tool installed from an unverified remote source, which increases the potential impact of any malicious code.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/outputlayer/rwa_cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats