dapp-ethena

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to install a prerequisite tool by piping a remote shell script directly into the command interpreter: curl -sSL https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh | sh. This pattern allows the author's repository to execute arbitrary code on the host system without prior inspection.
  • [CREDENTIALS_UNSAFE]: The documentation explicitly requires the user to store a highly sensitive EVM_PRIVATE_KEY in a plain-text .env file for write operations (stake, cooldown, unstake). This is a dangerous practice that risks total loss of funds if the environment is compromised.
  • [COMMAND_EXECUTION]: The skill relies on an external CLI tool (plugin-store) that is not part of the standard environment and whose source code is not provided for audit within the skill itself, creating an opaque execution layer.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 03:47 AM