create-strategy

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/upbit-strategy-toolkit.sh

No direct malicious payload is evident in this bash wrapper (no obfuscation or explicit theft/exfiltration/destructive actions). However, it can fetch and execute remote code at runtime via uvx using an unpinned GitHub git URL when a local repo root is not found. This creates a meaningful software supply-chain execution risk; safer operation would require pinning to an immutable revision and/or verifying integrity/signatures. The wrapper also passes user-supplied CLI arguments directly to the toolkit.

Confidence: 66%Severity: 62%
Audit Metadata
Analyzed At
Jul 7, 2026, 06:39 AM
Package URL
pkg:socket/skills-sh/upbit-official%2Fupbit-strategy-toolkit%2Fcreate-strategy%2F@57c6185875b900052e82548fcc877a575dc45c3a90c6737b671754c415f298eb
Security Audit — socket — create-strategy