strategy-ranking-sniper

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md instructions direct users to install dependencies using the command curl -sSL https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh | sh. This executes a script from a personal GitHub repository directly in the shell, a pattern that provides the remote content with full execution privileges on the user's system.
  • [CREDENTIALS_UNSAFE]: The skill requires several high-value secrets, including SOL_PRIVATE_KEY (Solana wallet private key), OKX_API_KEY, and OKX_SECRET_KEY. These credentials are used by scripts that are installed via the unverified remote execution method mentioned above.
  • [COMMAND_EXECUTION]: The provided engine.py script makes frequent use of subprocess.run to call an external utility named onchainos. This creates a runtime dependency on an external binary whose integrity is tied to the untrusted installation source.
  • [DATA_EXFILTRATION]: The skill includes logic in engine.py to fetch data from and execute swaps via external APIs. When combined with the ability to read local private keys and the use of an unverified installation script, this creates a potential path for credential exfiltration to remote servers.
  • [SAFE]: References to well-known domains like web3.okx.com for API calls are noted as standard functional requirements for an OKX-related trading tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 16, 2026, 06:44 PM