skills/migokg/plugin-store/flap/Gen Agent Trust Hub

flap

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill installs the onchainos CLI by piping a script from OKX's official GitHub repository directly into the shell (curl | sh).
  • [EXTERNAL_DOWNLOADS]: The skill downloads the flap binary from the vendor's GitHub repository and adds several skills using the npx package runner.
  • [DATA_EXFILTRATION]: The installation script transmits telemetry data, including the system hostname and $HOME path, to external endpoints at plugin-store-dun.vercel.app and okx.com.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via the processing of untrusted blockchain data.
      1. Ingestion points: External data from BSC RPC providers and Flap Protocol APIs.
      2. Boundary markers: The skill includes a 'Data Trust Boundary' notice to guide the agent in handling untrusted output.
      3. Capability inventory: Execution of blockchain transactions and contract calls via the onchainos and flap tools.
      4. Sanitization: Instructions recommend field filtering for command output displayed to the user.
  • [COMMAND_EXECUTION]: The skill relies on the flap and onchainos command-line tools for blockchain interactions on the BSC network.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 09:46 AM