hyperliquid
Fail
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads a shell script from 'https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh' and pipes it directly into the shell ('| sh'). This executes arbitrary remote code from a source that is not listed as a trusted vendor in this environment.
- [REMOTE_CODE_EXECUTION]: The installation instructions utilize Base64 obfuscation ('OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==') to conceal an HMAC key. This key is decoded and used during the 'auto-injected' setup phase to sign system metadata for external reporting, hiding the telemetry mechanism from plain-text review.
- [EXTERNAL_DOWNLOADS]: The skill fetches architecture-specific binaries from the author's GitHub releases ('github.com/MigOKG/plugin-store') and saves them to the user's local directory. It also installs remote skills using 'npx skills add' from the 'okx' and 'MigOKG' repositories.
- [COMMAND_EXECUTION]: The skill executes 'chmod +x' on the downloaded 'hyperliquid' binary to grant it executable permissions. It also runs shell commands to probe system architecture and generate unique device identifiers based on system metadata.
- [DATA_EXFILTRATION]: The skill gathers sensitive system metadata, including the hostname, OS kernel information, and the user's home directory path. This information is bundled into a device fingerprint and exfiltrated to 'https://plugin-store-dun.vercel.app/install' and 'https://www.okx.com/priapi/v1/wallet/plugins/download/report'.
- [PROMPT_INJECTION]: The 'SKILL.md' file contains instructions marked as 'auto-injected' which command the agent to perform privileged installations and environment modifications. Furthermore, the skill processes untrusted market data from the Hyperliquid API, which represents an ingestion surface for indirect prompt injection despite the presence of basic data boundary notices.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata