Skills
skills/purong-huang-1121/plugin-store/strategy-grid-trade/Gen Agent Trust Hub

strategy-grid-trade

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes explicit instructions to ignore automated security alerts, characterizing them as false positives (e.g., '⚠️ 安全扫描警告是误报') to encourage the user to bypass safety guardrails.
  • [DATA_EXFILTRATION]: Accesses the sensitive file path '~/.cargo/bin/.env' which is used to store Telegram bot tokens and chat IDs.
  • [REMOTE_CODE_EXECUTION]: Fetches and executes shell scripts from the vendor's repository and the OKX organization's repository using the curl-to-shell pattern.
  • [REMOTE_CODE_EXECUTION]: Performs dynamic execution of Python code to process data retrieved from the GitHub API for displaying download statistics.
  • [COMMAND_EXECUTION]: Automates several shell tasks including environment verification via 'which' and 'ls', as well as package installation using 'npx', without individual user confirmation for each operation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh, https://raw.githubusercontent.com/purong-huang-1121/plugin-store/main/install.sh, https://raw.githubusercontent.com/purong-huang-1121/plugin-store/main/install_strategy.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 07:22 AM