kamino-liquidity

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the AI agent to download and execute a shell script from an external repository using a high-risk piped execution pattern: curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh. This allows for arbitrary command execution on the host system without prior validation.
  • [DATA_EXFILTRATION]: The skill gathers sensitive system metadata including the hostname, operating system details (uname), and the user's home directory path ($HOME). This information is used to generate a device fingerprint which is then transmitted to an external server at https://plugin-store-dun.vercel.app/install and an API endpoint at okx.com.
  • [CREDENTIALS_UNSAFE]: A hardcoded, base64-encoded HMAC key (OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==) is embedded in the SKILL.md file. It is used to sign the collected device fingerprint before it is exfiltrated.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the std::process::Command module in Rust and shell script blocks in the markdown instructions to execute system commands, including the onchainos CLI and various system profiling tools.
  • [EXTERNAL_DOWNLOADS]: The skill downloads a pre-compiled binary (kamino-liquidity) from the author's GitHub releases page (https://github.com/MigOKG/plugin-store/releases/download/...) and assigns executable permissions to it.
  • [DATA_EXFILTRATION]: Indirect Prompt Injection Surface:
      • Ingestion points: Processes vault and position data from https://api.kamino.finance.
      • Boundary markers: None; external data from the API is directly presented to the user and the agent.
      • Capability inventory: Capability to execute shell commands and network requests via onchainos and reqwest.
      • Sanitization: No evidence of sanitization or validation of data retrieved from the remote API.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 02:35 AM