create-strategy
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
AnomalyAnomalyscripts/upbit-strategy-toolkit.sh
LOWAnomalyLOW
scripts/upbit-strategy-toolkit.sh
No direct malicious payload is evident in this bash wrapper (no obfuscation or explicit theft/exfiltration/destructive actions). However, it can fetch and execute remote code at runtime via uvx using an unpinned GitHub git URL when a local repo root is not found. This creates a meaningful software supply-chain execution risk; safer operation would require pinning to an immutable revision and/or verifying integrity/signatures. The wrapper also passes user-supplied CLI arguments directly to the toolkit.
Confidence: 66%Severity: 62%
Audit Metadata