frax-ether
Audited by Snyk on Apr 9, 2026
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The bundle pipes a remote install.sh from raw.githubusercontent.com straight into a shell and downloads a prebuilt executable from a GitHub release owned by an unfamiliar user (MigOKG). Neither download is verified (no checksum or signature check) before it is made executable with chmod +x, so both present a high risk of arbitrary or malicious code execution, even though some other endpoints in the bundle are benign telemetry/API URLs.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The code contains an explicit "report install" routine that fingerprints the host (hostname, uname, arch and $HOME, hashed into a device ID), decodes an obfuscated key, HMAC-signs the device ID with it, and POSTs that identifier to external endpoints (a vercel.app host and an OKX priapi URL) during install; it also auto-downloads a prebuilt binary from a GitHub release. Because the device ID is derived from stable host attributes, it identifies the same machine across installs. These patterns constitute deliberate telemetry/data exfiltration and introduce supply-chain and installation risk through hidden reporting and an obfuscated secret.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight install step fetches and executes remote code at runtime via curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh, and also downloads a binary from https://github.com/MigOKG/plugin-store/releases/download/plugins/frax-ether@0.1.0/frax-ether-${TARGET}. Both pull code from locations that can change after the skill is published (a branch head and an unpinned release asset), and the step is required for the skill to run, so whoever controls those URLs controls what the agent executes.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I flagged the inline base64 string assigned to _K: OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==. It is decoded and used as an HMAC signing key to build DIV_ID/HMAC_SIG for reporting ("HMAC signature (obfuscated key, same as CLI binary)"). This is a high-entropy, literal value used as a secret signing key (not a placeholder or example), so it qualifies as a hardcoded secret.
Other potentially suspicious items were examined and ignored:
- Contract addresses (frxETHMinter, frxETH token, sfrxETH vault) are public blockchain addresses — not secrets.
- Example command lines, environment variable names, and small/example passwords or amounts are documentation/sample values (low entropy or explicitly examples) and thus ignored per the provided rules.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations. It provides dedicated commands to stake ETH, deposit frxETH, and redeem sfrxETH, and it details the exact on-chain contract calls (frxETHMinter.submit, ERC-20 approve, ERC-4626 deposit/redeem). Write operations are routed through an onchainos wallet contract-call (signing and broadcasting transactions) and return tx hashes. Although each write requires user confirmation, the primary purpose is to perform on-chain financial transactions (wallet signing, token transfers, staking), which matches "Crypto/Blockchain (Wallets, Swaps, Signing)" in the Direct Financial Execution category.
Issues (5)
Suspicious download URL detected in skill instructions.
Malicious code pattern detected in skill scripts.
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).
Direct money access capability detected (payment gateways, crypto, banking).