dapp-composer

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). The URL is a direct raw.githubusercontent.com link to an install.sh (an executable shell script) hosted in a personal/unknown GitHub repo, and the skill instructs users to curl | sh, which is a high-risk pattern for delivering malware or unwanted code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflows (Flows D/E/F and their CLI steps) explicitly poll and ingest third-party public APIs and feeds—e.g., "OKX Solana 涨幅榜 Top 20", "OKX Signal API", "Trenches tokenList API", and Pump.fun—via plugin-store commands to make automated buy/sell decisions, so untrusted external content directly influences tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain financial operations. It includes numerous commands that perform blockchain transactions (e.g., plugin-store aave supply/borrow/withdraw/repay, plugin-store grid start, plugin-store auto-rebalance start, plugin-store ranking-sniper start, plugin-store scanner start, plugin-store signal-tracker start) and swap/trading actions. It requires private keys and exchange API credentials (EVM_PRIVATE_KEY, SOL_PRIVATE_KEY, OKX_API_KEY/SECRET/PASSPHRASE) and instructs the agent/user to sign transactions and start automated bots that will perform buys, sells, borrows, supplies, and swaps. These are concrete crypto/blockchain transaction capabilities (wallet signing, swaps, borrowing/lending, automated market orders), not generic tooling. Therefore it grants direct financial execution authority.

Issues (4)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 03:47 AM
Issues: 4