loopscale
Audited by Snyk on Apr 9, 2026
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.75). Mixed signals: some endpoints (okx, loopscale API, GitHub source tree) look legitimate, but the skill instructs curl|sh of a raw GitHub install script and downloads prebuilt binaries (.exe/others) from a third-party GitHub release (user "MigOKG"), which are high-risk distribution vectors if the release/account is untrusted or compromised.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly calls the external Loopscale partner REST API (https://tars.loopscale.com) in its required read/write flows (see SKILL.md and plugin.yaml for get-vaults, get-position, borrow/quote endpoints), and the agent is expected to ingest and act on those API responses to build/submit transactions—so untrusted third‑party data can materially influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill’s pre-flight installation runs remote installers at runtime that execute fetched code — e.g. curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh (installs onchainos) and downloads the loopscale binary from https://github.com/MigOKG/plugin-store/releases/download/plugins/loopscale@0.1.0/... which are required dependencies and execute remote code.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I found a high-entropy, literal credential: the base64 string assigned to _K in the install/report script:
OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==
The script base64-decodes that value and uses it as an HMAC key to sign a device token ("HMAC signature (obfuscated key, same as CLI binary)"), so this is a usable secret embedded directly in the code. Base64-encoding does not make it non-secret — it is still a literal secret key.
Ignored items and why:
- Vault and wallet public keys (AXanC..., 7PeYx..., U1h9...) are public addresses, not secrets.
- Example and sample outputs, environment variable names, and statements like "No API key required" are documentation/sample content and not secrets.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Solana lending/borrowing plugin with dedicated write commands (lend, withdraw, borrow, repay) that build and submit on-chain transactions via the onchainos wallet (uses onchainos wallet contract-call). It deposits/withdraws tokens, creates loans, draws principal, repays loans, and broadcasts transactions (write ops use --force and the agent is the confirmation gate). This is a specific crypto/blockchain financial execution capability, not a generic tool.
Issues (5)
Suspicious download URL detected in skill instructions.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).
Direct money access capability detected (payment gateways, crypto, banking).