strategy-signal-tracker
Fail
Audited by Snyk on Mar 17, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The set includes multiple direct raw GitHub shell scripts (curl|sh) — including from a low-reputation personal account (purong-huang-1121) — plus an internal Lark doc link; executing those .sh installers without review is high-risk because they can run arbitrary code, even though one URL points to an official okx repo which is lower risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly polls the public OKX Signal API (POST /api/v6/dex/market/signal/list) every 20s and fetches public token data (price_info, candles, memepump tokenDevInfo/tokenBundleInfo, quote, etc.) and directly uses that untrusted third-party data to decide and execute trades, so external content can materially influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains runtime curl-and-sh installers that fetch and execute remote scripts (e.g. https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh, https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh, and https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install_strategy.sh), which are executed during setup and are required dependencies, so remote content can run code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot that performs on-chain swaps and broadcasts signed transactions. It describes executing position-sized trades via OKX DEX (swap-instruction), signing transactions (sign_transaction/keypair) and calling /api/v6/dex/pre-transaction/broadcast-transaction to broadcast signed txs, waits for order confirmations, checks/writes balances, and requires an onchainos wallet (TEE signing). It provides commands that perform execution (strategy-signal-tracker tick / start) and details position sizing, slippage, and cost/breakeven calculations. These are specific, primary financial-operation capabilities (placing trades and broadcasting transactions), not generic tools, so this is direct financial execution authority.
Issues (4)
E005 - CRITICAL: Suspicious download URL detected in skill instructions.
W011 - MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 - MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009 - MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata