debridge

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The bundle includes direct executable downloads and a raw GitHub install.sh piped to sh plus a GitHub release binary from a small/unknown account (MigOKG), which are high-risk delivery patterns even though some endpoints (okx, debridge.finance) look legitimate — these combined factors make this a suspicious download vector for potential malware or unwanted code execution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly performs direct HTTP calls to the deBridge DLN REST API (https://dln.debridge.finance/v1.0) and consumes API-returned fields (e.g., tx.to, tx.data, tx.value, order status) as inputs to build and submit on-chain transactions, meaning untrusted third-party content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire skill prompt for high-entropy literal values that would qualify as secrets.

Flagged item:

  • The base64 literal in the install/report script: 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw=='
    This is decoded into _K and used as the "obfuscated key" for an HMAC signature (HMAC-signed device token). It is a high-entropy secret embedded directly in the script and therefore qualifies as a hardcoded credential.

Ignored items (not flagged) and why:

  • All contract and token addresses (0x... and Solana base58 addresses) are public on-chain addresses, not secrets.
  • The "Native ETH" zero address and the Solana system address (1111...) are known public placeholders.
  • Example CLI command values and example outputs (amounts, orderId example like 0xabc123...) are sample data or truncated and not high-entropy secrets.
  • No API keys (sk-...), PEM blocks, or private keys were present elsewhere.

Conclusion: the embedded base64 key (_K) is a real, high-entropy secret; everything else is public/example content and is ignored.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto bridging tool: it constructs, signs/submits, and manages on-chain token bridge transactions (including ERC-20 approve flows, building tx calldata/tx.data, converting Solana txs, submitting createOrder, returning txHash/orderId, and polling status). It requires a connected wallet and uses onchainos wallet contract-call to broadcast transactions (the binary internally uses a --force broadcast flag). These are specific, explicit crypto financial execution operations (wallet interactions, token approvals, cross-chain swaps), not generic tooling. Therefore it grants direct financial execution authority.


Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 09:46 AM
Issues: 5