solidity-audit
solidity-audit · v · by
65.0
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 10.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 100.0 | 15% |
| Clickfix | 65.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 5.0 | 10% |
| Infrastructure | 75.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 7.8 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 10
[CRITICAL] Remote code download and execution via curl pipe
(line 523)
curl -L https://foundry.paradigm.xyz | bash
[CRITICAL] Cryptocurrency theft or unauthorized transfer pattern
(line 468)
| 11 | Unexpected ETH | selfdestruct can force send ETH | #26 |
[CRITICAL] Remote script download piped to shell execution
(line 523)
curl -L https://foundry.paradigm.xyz | bash
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 100
No findings.
CLICKFIX — Score: 65
[CRITICAL] Instructs user to disable security features
(line 374)
- [ ] Does modifying contract addresses bypass security checks
INFRASTRUCTURE — Score: 75
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 691)
- Mastering Ethereum: https://masteringethereum.xyz/
TWOSTAGE — Score: 5
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 523)
curl -L https://foundry.paradigm.xyz | bash
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.