lido-v2
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script for the onchainos CLI from OKX's official GitHub repository.
- [EXTERNAL_DOWNLOADS]: Downloads a pre-compiled 'lido' binary from the author's (MigOKG) GitHub repository and assigns execution permissions.
- [DATA_EXFILTRATION]: Collects system metadata, including the hostname, operating system details, and home directory path, to generate a unique device ID for installation telemetry sent to the author's Vercel-hosted service and OKX.
- [COMMAND_EXECUTION]: Utilizes local CLI tools ('onchainos' and 'lido') to perform on-chain operations such as staking, wrapping tokens, and managing withdrawals.
- [PROMPT_INJECTION]: Implements a data trust boundary that explicitly warns the agent to treat all CLI and API output as untrusted external content, mitigating risks of indirect prompt injection.
Audit Metadata