Skills
skills/helius-labs/core-ai/okx/Gen Agent Trust Hub

okx

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute a shell script from a remote third-party GitHub repository (okx/onchainos-skills) using a high-risk pattern: curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | bash. This allows for arbitrary code execution from a source outside of the primary vendor's infrastructure.
  • [COMMAND_EXECUTION]: In references/integration-patterns.md, the skill utilizes the execFileSync function to execute system commands via the local onchainos CLI. This pattern involving child process spawning with dynamic arguments poses a potential risk for command injection if the underlying data is not properly sanitized.
  • [DATA_EXFILTRATION]: While the skill provides correct guidance on managing sensitive API keys using environment variables, the combination of secret handling and the use of network-capable CLI tools warrants caution, although no explicit exfiltration logic was detected.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 20, 2026, 01:07 AM