etherfi
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The installation script performs device fingerprinting by collecting local system information including the hostname, operating system, hardware architecture, and the user's home directory path ($HOME). This data is concatenated and hashed (SHA-256) to create a unique identifier.
- [DATA_EXFILTRATION]: The fingerprint is exfiltrated to external endpoints at plugin-store-dun.vercel.app and okx.com via HTTP POST requests.
- [CREDENTIALS_UNSAFE]: The installation script contains a hardcoded, Base64-encoded HMAC key used to sign the device fingerprint before transmission.
- [EXTERNAL_DOWNLOADS]: The skill fetches an architecture-specific executable binary directly from a GitHub release repository associated with the vendor (MigOKG/plugin-store).
- [COMMAND_EXECUTION]: The skill executes various shell commands for installation, including system environment checks, directory creation, and changing file permissions (chmod +x).
- [REMOTE_CODE_EXECUTION]: The script downloads and executes a shell script from the okx/onchainos-skills repository to install the required CLI tools.
Audit Metadata