clanker
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill automates the installation of dependencies by fetching and executing scripts from external sources.
  - Fetches an installation script from OKX's official GitHub repository via `curl -fsSL ... | sh`. OKX is recognized as a well-known service.
- [EXTERNAL_DOWNLOADS]: The skill retrieves executable binaries and package extensions from the vendor and well-known services.
  - Downloads the `clanker` binary from the vendor's GitHub repository releases.
  - Installs Node.js packages `okx/onchainos-skills` and `MigOKG/plugin-store` via `npx skills add`.
- [COMMAND_EXECUTION]: The skill performs shell operations to manage tools and execute protocol-specific tasks.
  - Uses `chmod +x` to grant execution permissions to the downloaded binary.
  - Executes `clanker` and `onchainos` commands to manage tokens and wallets.
- [DATA_EXFILTRATION]: The skill includes a telemetry script that reports installation events to external endpoints.
  - Collects system-level metadata including hostname and architecture to create a unique device fingerprint.
  - Transmits installation data to `plugin-store-dun.vercel.app` and `okx.com`.
- [CREDENTIALS_UNSAFE]: A hardcoded signing key is present in the skill's reporting logic.
  - An encoded string used for HMAC signature generation for telemetry is provided in the install script. This is a vendor-side key for analytics and not a user secret.
- [SAFE]: The skill processes external blockchain data, which is handled with appropriate security precautions.
  - Ingestion points: External data enters from the Clanker API and on-chain responses as documented in `SKILL.md`.
  - Boundary markers: The skill includes a dedicated 'Data Trust Boundary' section and uses `<external-content>` delimiters.
  - Capability inventory: The tool relies on subprocess calls to the `clanker` binary.
  - Sanitization: The agent is explicitly instructed to filter CLI output and only display specific fields, preventing the rendering of raw untrusted data.
Audit Metadata