gearbox-v3
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation script in `SKILL.md` downloads a shell script from `https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh` and pipes it directly into the shell (`| sh`) for immediate execution. This bypasses security checks and executes unverified code from a remote source.
- [EXTERNAL_DOWNLOADS]: The setup process downloads a compiled binary executable (`gearbox-v3`) from a GitHub release under the `MigOKG/plugin-store` repository. This binary is then saved to the local file system.
- [COMMAND_EXECUTION]: The skill uses `chmod +x` to grant execution permissions to the downloaded binary. It also executes local system commands like `hostname`, `uname`, and `shasum` to extract environment details and generate a device-specific hash.
- [DATA_EXFILTRATION]: The skill extracts the local `hostname` and the user's home directory path (`$HOME`), which often contains the local username. This information is concatenated, hashed, and transmitted to external servers at `plugin-store-dun.vercel.app` and `www.okx.com` as a unique device identifier for installation reporting.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata