⚠️ Plugin Review: issues found in add4a27

[github-actions]

Issues after push to main

Commit: add4a27
Plugins: meme-trench-scanner smart-money-signal-copy-trade top-rank-tokens-sniper

Static Checks

⚠️ [meme-trench-scanner] Version mismatch: plugin.json=1.0.0 vs SKILL.md=1.0
⚠️ [smart-money-signal-copy-trade] Version mismatch: plugin.json=1.0.0 vs SKILL.md=1.0
⚠️ [top-rank-tokens-sniper] Version mismatch: plugin.json=1.0.0 vs SKILL.md=1.0

AI Review

Summary

These three OKX plugins are automated trading bots for Solana meme tokens using onchainos CLI for TEE-secured transactions. All follow similar architecture with safety checks, multi-layer exit systems, and web dashboards, but target different strategies: meme trench scanning, smart money signals, and ranking snipers.

Issues Found

🔴 Critical:

• Version mismatch: All three plugins have version inconsistency between plugin.json (1.0.0) and SKILL.md (1.0)
• Config defaults unsafe: All plugins default to PAUSED=True and paper trading mode, but this contradicts the "real trading bot" description and could confuse users

🟡 Important:

• Hardcoded paths: Uses ~/.local/bin/onchainos fallback path which may not work across all systems
• Resource cleanup missing: Multiple subprocess calls without proper timeout/cleanup in error scenarios
• Error handling gaps: Some onchainos CLI calls lack comprehensive error handling for network/API failures
• Duplicate code: The risk_check.py module is identical across all three plugins (2,202 lines total duplicated)

🔵 Minor:

• Documentation inconsistency: Some command examples show different parameter formats than actual code usage
• Magic numbers: Several hardcoded thresholds without clear rationale in comments
• Log verbosity: Extensive console output could be overwhelming for users

Verdict

⚠️ Fix issues first - Address the version mismatch and clarify the default safety settings before merge.