blave-quant
Audited by Socket on Jul 7, 2026
2 alerts found:
AnomalySecuritySUSPICIOUS: the skill is internally coherent and uses mostly official endpoints, but its footprint is high-risk because it centralizes many exchange credentials and enables live trading and transfers with real financial consequences. The explicit CONFIRM workflow and anti-autonomy rule are meaningful safeguards, so this is not malware, but it remains a medium-high security risk skill.
The fragment is documentation describing an end-to-end client workflow for downloading and locally executing untrusted Python “strategy” source code from a marketplace (including multi-strategy bundle splitting). While the text itself does not contain explicit malicious payloads, it clearly enables a high-impact supply-chain execution pathway (marketplace/server/client -> local filesystem -> python3). The overall security risk is high unless strong authenticity/integrity checks (e.g., signatures/hashes), robust sandboxing/containment, and reliable static/dynamic scanning plus strict filename/path sanitization are enforced.