@2061/orderly-dex-creator
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs cloning and running public third‑party repositories (e.g., https://github.com/SkewCodes/orderly-growth-agent.git, orderly-agentic-mm.git, SecClaw) and querying public Orderly endpoints (e.g., GET /v1/public/chain_info), and those agents are described as ingesting external/public data and driving autonomous decisions (growth/market‑making/vault actions), so untrusted web-hosted content can materially influence tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime install-and-run steps that git clone and execute remote repositories (e.g., https://github.com/SkewCodes/orderly-domain-builder.git — also: https://github.com/SkewCodes/orderly-growth-agent.git, https://github.com/SkewCodes/orderly-agentic-mm.git, https://github.com/SkewCodes/YieldClaw.git, https://github.com/SkewCodes/SecClaw.git), so external code is fetched at runtime and executed as a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to launch and operate a perpetual futures DEX and includes multiple concrete, finance-specific execution capabilities: wallet connect / EVM wallet prerequisites, Orderly API key pairs for agents, "funded trading account" and dedicated MM API keys, autonomous market making that opens/cancels orders via API (e.g., "cancel all open orders via API" and npm run emergency-stop), vault operations that accept seed capital, rebalance/unwind positions and pause deposits (npm run pause -- --vault <id>), and referenced installable skills for Swap, Vault, and 402 Payments. These are specific crypto/market-order/payment controls (not generic tooling) that enable moving funds and executing trades on-chain or via exchange APIs.
Issues (3)
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
- W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata