strategy-memepump-scanner

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct raw GitHub URL to an install.sh from an untrusted/unknown personal account and the skill instructs piping it to sh (curl | sh), which is high-risk because it runs arbitrary code with no integrity checks or reputation signals.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes public OKX Trenches APIs (e.g., /api/v6/dex/market/memepump/tokenList, tokenDevInfo, tokenBundleInfo, candles, trades) as required inputs to classify tokens and drive trading decisions, so untrusted third-party data can directly influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight step tells operators to install a required runtime dependency by running a remote install script via curl piped to sh (https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh), which fetches and executes remote code and is required for the skill to run.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a crypto trading bot. It requires OKX API keys and a Solana private key, lists OKX trade execution endpoints (quote, swap-instruction, pre-transaction/broadcast-transaction, post-transaction/orders), and provides commands to run/daemonize the scanner that will "execute sized trades" and "broadcast signed transaction". It performs automated opens/closes, position sizing, TP/SL, and uses on-chain signing—all specific mechanisms to move money/crypto. Therefore it grants direct financial execution authority.