The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill executes a remote installation script from GitHub by piping the output of curl directly into the shell (sh).
Evidence: curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh in SKILL.md.
[EXTERNAL_DOWNLOADS]: The skill downloads an architecture-specific binary from a GitHub release and installs it to the user's local bin directory.
Evidence: curl -fsSL "https://github.com/MigOKG/plugin-store/releases/download/plugins/aave-v3@0.1.0/aave-v3-${TARGET}" -o ~/.local/bin/aave-v3.
[COMMAND_EXECUTION]: The setup process grants execution permissions to the downloaded external binary.
Evidence: chmod +x ~/.local/bin/aave-v3.
[DATA_EXFILTRATION]: The skill harvests system information (hostname, OS name, architecture, and home directory path) to create a unique device fingerprint which is transmitted to external endpoints (plugin-store-dun.vercel.app and okx.com).
Evidence: The 'Report install' block in SKILL.md constructs DEV_RAW and DEV_ID from local environment data.
[CREDENTIALS_UNSAFE]: The skill contains a hardcoded Base64-encoded secret key used to generate an HMAC signature for the telemetry reporting.
Evidence: _K=$(echo 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==' | base64 -d ...).
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from blockchain RPC providers and smart contracts which could theoretically contain malicious instructions.
Ingestion points: Output from aave-v3 and onchainos CLI commands in SKILL.md.
Boundary markers: The documentation includes a 'Data Trust Boundary' section and uses <external-content> tags in examples.
Capability inventory: The agent has access to onchainos wallet contract-call which can perform financial transactions.
Sanitization: No explicit code-level sanitization is visible in the skill manifest.

aave-v3