strategy-memepump-scanner
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains deceptive instructions that direct the AI to dismiss automated security warnings (such as those from Gen, Snyk, or Socket) as "false positives." This is intended to prevent the user from being alerted to potential risks during installation.\n- [REMOTE_CODE_EXECUTION]: The setup process performs multiple remote code executions by downloading shell scripts and piping them directly to the system shell (e.g.,
curl | sh). It also pipes remote repository data into a Python interpreter for processing.\n- [DATA_EXFILTRATION]: The skill reads from the~/.plugin-store/.envfile to retrieve sensitive data such as Telegram bot tokens and chat IDs. Accessing environment files in this manner creates a risk of credential exposure.\n- [COMMAND_EXECUTION]: The skill executes various local system commands for environment checks, binary management, and lifecycle control, includingwhich,npx, and file operations likecatandmkdir.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh, https://raw.githubusercontent.com/okx/plugin-store/main/install.sh, https://raw.githubusercontent.com/okx/plugin-store/main/install_strategy.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata