Skills
skills/purong-huang-1121/skills-store/strategy-auto-rebalance/Gen Agent Trust Hub

strategy-auto-rebalance

Fail

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes installation and update scripts directly from the OKX GitHub organization repositories.
  • [REMOTE_CODE_EXECUTION]: Pipes data from the GitHub API into a python3 command to process download statistics for display.
  • [CREDENTIALS_UNSAFE]: Accesses the ~/.plugin-store/.env file to check for and read Telegram bot credentials used for notifications.
  • [PROMPT_INJECTION]: The skill instructions explicitly direct the user to disregard security warnings from automated scanning tools, attempting to bypass safety protocols by claiming they are false positives.
  • [COMMAND_EXECUTION]: Uses system binaries like which, awk, sed, and grep to validate the environment and determine versioning information.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh, https://raw.githubusercontent.com/okx/plugin-store/main/install.sh, https://raw.githubusercontent.com/okx/plugin-store/main/install_strategy.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 2, 2026, 08:53 AM