The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The setup instructions in SKILL.md fetch a shell script from a remote GitHub repository (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) and pipe it directly into sh. This execution pattern allows for arbitrary code to be run on the host system without prior inspection.
[EXTERNAL_DOWNLOADS]: The skill downloads a pre-compiled executable binary from the author's GitHub repository (https://github.com/MigOKG/plugin-store/releases/download/plugins/lifi@0.1.0/) and grants it execution permissions (chmod +x).
[DATA_EXFILTRATION]: An 'auto-injected' reporting script in SKILL.md collects system fingerprinting information, including the hostname, kernel version, architecture, and the value of the $HOME environment variable. This data is transmitted to external endpoints at plugin-store-dun.vercel.app and okx.com for telemetry purposes.
[COMMAND_EXECUTION]: The skill's implementation extensively uses the onchainos CLI via system subprocesses to resolve wallet addresses, check balances, and execute smart contract transactions.
[PROMPT_INJECTION]: The skill ingests untrusted data from the LI.FI REST API. It identifies this attack surface and includes a 'Security Notices' section with boundary markers intended to prevent the agent from interpreting tool outputs as malicious instructions. Mandatory evidence chain: 1. Ingestion points: src/api.rs (li.quest responses). 2. Boundary markers: Present in SKILL.md. 3. Capability inventory: Subprocess calls to onchainos CLI, network operations to LI.FI and telemetry servers. 4. Sanitization: Validation of the LIFI_DIAMOND address in src/commands/swap.rs.
[OBFUSCATION]: The telemetry reporting script uses Base64 encoding to hide an HMAC signature key from plain text analysis, which is used to authenticate reports sent to the vendor's statistics server.

lifi