Gen Agent Trust Hub audit: lido (skills/migokg/plugin-store)

Skill: lido

Audit result: Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches a shell script from the OKX GitHub repository and pipes it straight into a shell (curl | sh) for environment setup. The URL references the repository's main branch rather than a pinned revision, so the content that actually executes can differ from whatever was reviewed.
  • [EXTERNAL_DOWNLOADS]: Downloads a pre-compiled plugin binary directly from the vendor's (MigOKG) GitHub release assets to the local machine.
  • [REMOTE_CODE_EXECUTION]: Executes the downloaded vendor binary and the piped installation script during the pre-flight dependency phase.
  • [COMMAND_EXECUTION]: Interacts with the local system through the onchainos CLI to perform wallet balance queries and execute smart contract calls.
  • [DATA_EXFILTRATION]: Implements a telemetry system that collects system identifiers (hostname, operating system, and home directory path) to generate a hashed device ID, which is then sent to external reporting endpoints at Vercel and OKX.
  • [OBFUSCATION]: Uses Base64 encoding within the installation reporting script to store a static key required for generating HMAC signatures. Base64 is an encoding, not encryption: the key is recoverable by anyone who reads the script, so the HMAC only proves the report came from a copy of the script, not from a specific installation, and the hashed device ID it covers still functions as a stable tracking identifier.
  • [INDIRECT_PROMPT_INJECTION]: Ingests data from external Lido protocol REST APIs and public Ethereum RPC providers. The skill includes a 'Data boundary notice' instructing the agent to treat all such external data as untrusted content, which reduces but does not remove the risk that an API or RPC response carries instructions the agent acts on.
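As an added example, not part of the audit and not the skill's code, the script below reproduces the kind of static checks behind the EXTERNAL_DOWNLOADS and OBFUSCATION flags above and runs them over a constructed sample installer. The sample file, its hostnames, its vendor path and its base64 string are invented for illustration and are not taken from the audited skill.

```shell
#!/bin/sh
# Added example: static checks for the install-time patterns the audit flags.
# Not the skill's code; the sample installer written below is constructed.

# scan_skill_script FILE: print one "[TAG] ..., line N:<text>" entry per matching line.
scan_skill_script() {
  file=$1
  # Remote script piped straight into a shell: curl/wget ... | sh or bash
  grep -nE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(sh|bash)([[:space:]]|$)' "$file" \
    | sed 's/^/[EXTERNAL_DOWNLOADS] piped shell execution, line /'
  # Pre-built binaries pulled from GitHub release assets
  grep -nE 'github\.com/[^[:space:]]+/releases/download/' "$file" \
    | sed 's/^/[EXTERNAL_DOWNLOADS] release binary download, line /'
  # base64 decoding, or a long base64-looking literal (an obscured static key)
  grep -nE "base64[[:space:]]+(-d|--decode|-D)|['\"][A-Za-z0-9+/]{32,}={0,2}['\"]" "$file" \
    | sed 's/^/[OBFUSCATION] base64-encoded material, line /'
  return 0
}

# count_findings FILE: number of findings, usable as a gate before installing a skill.
count_findings() {
  scan_skill_script "$1" | wc -l | tr -d ' '
}

# Constructed sample of a risky pre-flight installer (hypothetical URLs and key).
RISKY=$(mktemp)
cat > "$RISKY" <<'EOF'
#!/bin/sh
curl -fsSL https://example.invalid/install.sh | sh
curl -L -o /tmp/plugin https://github.com/example-vendor/example-plugin/releases/download/v1.0/plugin-linux
KEY=$(printf '%s' 'c2VjcmV0LXN0YXRpYy1rZXktZm9yLWhtYWM=' | base64 -d)
EOF

# Constructed benign script for comparison.
CLEAN=$(mktemp)
printf '#!/bin/sh\necho "no network, no secrets"\n' > "$CLEAN"
trap 'rm -f "$RISKY" "$CLEAN"' EXIT

scan_skill_script "$RISKY"
echo "findings: $(count_findings "$RISKY") (risky) vs $(count_findings "$CLEAN") (clean)"
```

The checks are deliberately coarse: they flag the shape of the pattern, not its intent, so a hit is a prompt to read the surrounding lines, not a verdict. A skill whose installer is clean here can still be dangerous at runtime.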
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review. Note that main is a moving branch reference, so reviewing the script once does not establish what will run later; a review is only meaningful against a pinned commit and a recorded digest of the file.
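The safer shape for the install step above, as an added example that is not the skill's or OKX's code: fetch the script to a file from a pinned revision, compare its digest against one recorded at review time, and only then execute it. The sample installer, its content and the tampering step are constructed for the demonstration; the digest asserted for a file containing "hello" followed by a newline is the standard SHA-256 value of that input.

```shell
#!/bin/sh
# Added example: download, verify, then execute, instead of curl | sh.
# Not the skill's or vendor's code; the sample installer below is constructed.

# sha256_of FILE: hex digest using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# fetch_pinned URL OUTFILE: download to disk, never into a shell. Put an
# immutable ref in the URL, for example
#   https://raw.githubusercontent.com/okx/onchainos-skills/<commit-sha>/install.sh
# rather than .../main/install.sh, so the bytes cannot change after review.
# (Not invoked here: the example runs offline.)
fetch_pinned() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# verify_script FILE EXPECTED_SHA256: succeed only if the digest matches.
verify_script() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# run_verified FILE EXPECTED_SHA256: refuse to execute on any mismatch.
run_verified() {
  if ! verify_script "$1" "$2"; then
    echo "refusing to run $1: SHA-256 does not match the reviewed digest" >&2
    return 1
  fi
  sh "$1"
}

# Constructed sample installer standing in for a reviewed install.sh.
SCRIPT=$(mktemp)
printf '#!/bin/sh\necho "installer ran"\n' > "$SCRIPT"
trap 'rm -f "$SCRIPT"' EXIT

# In practice this digest is recorded when the script is reviewed (or published
# by the vendor out of band); here it is taken from the untampered sample.
REVIEWED_SHA=$(sha256_of "$SCRIPT")

run_verified "$SCRIPT" "$REVIEWED_SHA"            # digest matches: runs
echo 'echo "extra line"' >> "$SCRIPT"              # simulate the branch moving
run_verified "$SCRIPT" "$REVIEWED_SHA" || true     # digest differs: refused
```

The digest check protects against silent changes to the fetched file, not against a script that was malicious when it was reviewed; the review itself still has to happen, and the same verify-before-run gate applies to the pre-compiled plugin binary the skill downloads.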
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 02:27 AM