Skills
skills/starchild-ai-agent/community-skills/@1247/orderly-dex-creator/Gen Agent Trust Hub

@1247/orderly-dex-creator

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to clone several repositories from github.com/SkewCodes and immediately execute shell scripts or run build processes. Specifically, Phase 3 executes ./orderly-domain-setup.sh after cloning, and Phases 4 through 7 involve running npm install and npm run build on unverified code.
  • [COMMAND_EXECUTION]: The playbook commands the execution of local shell scripts and package manager build scripts which can execute arbitrary code on the host environment during installation or execution.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading numerous packages from NPM (primarily under the @orderly.network scope) and PyPI, in addition to cloning multiple full repositories from an unverified GitHub account.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 1, 2026, 08:57 AM
Security Audit — agent-trust-hub — @1247/orderly-dex-creator