
frax-ether

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill setup process fetches and executes an installation script directly from OKX's public GitHub repository (okx/onchainos-skills) using a piped shell command.
  • [EXTERNAL_DOWNLOADS]: Downloads the frax-ether binary directly from the author's GitHub releases (MigOKG/plugin-store).
  • [DATA_EXFILTRATION]: Performs installation telemetry by transmitting a device identifier to okx.com and a Vercel-hosted endpoint. The identifier is a SHA-256 hash derived from the system hostname, OS type, hardware architecture, and home directory path, ensuring device uniqueness without exposing raw system data.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the Ethereum network and the Frax Finance API, creating an indirect prompt injection surface.
  • Ingestion points: Data is ingested via eth_call in src/onchainos.rs and the Frax API summary endpoint in src/commands/rates.rs.
  • Boundary markers: The SKILL.md documentation includes a dedicated Security Notices section that instructs the agent to treat external data as untrusted and prioritize user confirmation.
  • Capability inventory: The skill can initiate blockchain transactions via the onchainos CLI and perform network requests to public RPC nodes and vendor APIs.
  • Sanitization: The binary implementation parses JSON responses from external sources without explicit sanitization or filtering of the string contents.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 9, 2026, 05:44 AM