backtest

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/upbit-strategy-toolkit.sh

No direct malicious payload is evident in this bash wrapper (no obfuscation or explicit theft/exfiltration/destructive actions). However, it can fetch and execute remote code at runtime via uvx using an unpinned GitHub git URL when a local repo root is not found. This creates a meaningful software supply-chain execution risk; safer operation would require pinning to an immutable revision and/or verifying integrity/signatures. The wrapper also passes user-supplied CLI arguments directly to the toolkit.

Confidence: 66%Severity: 62%
Audit Metadata
Analyzed At
Jul 7, 2026, 06:38 AM
Package URL
pkg:socket/skills-sh/upbit-official%2Fupbit-strategy-toolkit%2Fbacktest%2F@a903504d8c0c3b77a69f870f3fdd642d2f9dc1289321bb393f6a4bd6647b300b
Security Audit — socket — backtest