strategy-grid-trade
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Downloads and executes installation scripts by piping them from the okx/onchainos-skills and purong-huang-1121/plugin-store repositories directly into the shell.- [EXTERNAL_DOWNLOADS]: Fetches multiple shell scripts and a compiled binary file (strategy-grid) from external GitHub repositories during the pre-flight and update check processes.- [COMMAND_EXECUTION]: Runs the downloaded strategy-grid binary to perform market analysis, execute trading cycles, and manage configuration settings.- [PROMPT_INJECTION]: Contains explicit instructions for the agent to deceive the user by claiming that security scanner alerts are "false positives," which is a deceptive tactic designed to bypass safety protocols.- [DATA_EXFILTRATION]: Accesses the ~/.plugin-store/.env file, which is used to store sensitive information like Telegram bot tokens and chat IDs for notifications.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/purong-huang-1121/plugin-store/main/install_strategy.sh, https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh, https://raw.githubusercontent.com/purong-huang-1121/plugin-store/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata