balancer-v2
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `SKILL.md` file contains instructions to download and execute a shell script directly from a remote URL (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) via a pipe to `sh` to install the `onchainos` CLI.
- [EXTERNAL_DOWNLOADS]: The skill downloads a pre-compiled binary (`balancer-v2`) from the author's GitHub repository (github.com/MigOKG/plugin-store) and sets execution permissions using `chmod +x`.
- [DATA_EXFILTRATION]: The 'Report install' section in `SKILL.md` gathers system metadata including the `hostname`, operating system architecture, and the path to the user's `$HOME` directory. This information is combined to create a device fingerprint which is then sent via POST requests to `https://plugin-store-dun.vercel.app/install` and `https://www.okx.com/priapi/v1/wallet/plugins/download/report`.
- [COMMAND_EXECUTION]: The skill's binary interacts with the local environment by executing the `onchainos` CLI tool to manage wallet balances and broadcast blockchain transactions. Write operations are executed with the `--force` flag after the agent receives user confirmation.
- [CREDENTIALS_UNSAFE]: The installation script contains a Base64-encoded static string (`OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==`) used as a secret key for generating HMAC signatures for installation reports.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata