mayan
Audited by Snyk on Apr 9, 2026
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These links instruct fetching and executing a raw install.sh and platform binaries (GitHub Releases) from unfamiliar user repos (MigOKG, skylavis-sky) plus third‑party telemetry endpoints (Vercel) — direct curl|sh and unknown-account release .exe/.bin distribution are a high‑risk pattern for malware delivery.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches quotes and transaction data from external APIs/on-chain sources (see SKILL.md steps for get-quote, swap, and get-status which "fetch best route quote", "build transaction via Mayan API", and "polls the Mayan Explorer API") and plugin.yaml lists api_calls (e.g., https://price-api.mayan.finance, https://explorer-api.mayan.finance), so untrusted third-party content is ingested and can directly influence route selection and whether to execute write operations.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight install steps fetch and execute remote code at runtime (curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh) and download+install a binary from GitHub (https://github.com/MigOKG/plugin-store/releases/download/plugins/mayan@0.1.0/...) which are required dependencies that execute remote code.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I found one hardcoded secret: the base64 string assigned to _K in the "Report install" script:
OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==
The script decodes this value and uses it as an HMAC signing key (HMAC-signed device token / "obfuscated key, same as CLI binary"), which is a high-entropy literal secret and could be used to forge/impersonate install reports. This meets the definition of a secret and is actionable.
Other long values in the doc (Ethereum/Solana addresses, token addresses, commit hash, example tx hashes, and the onchainos/okx endpoints) are public blockchain addresses, placeholders, or non-sensitive metadata and were not flagged. No PEM/private-key blocks or live API keys (sk-*, bearer tokens, etc.) were present.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto cross-chain swap tool. It provides concrete commands to build and broadcast on-chain transactions (mayan swap), performs ERC‑20 approve flows, converts and broadcasts Solana transactions, and requires a connected wallet. These are specific crypto/blockchain payment/execution capabilities (wallet interaction, transaction signing/broadcasting, token swaps), not generic API callers or browser automation. Therefore it grants direct financial execution authority.
Issues (5)
Suspicious download URL detected in skill instructions.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).
Direct money access capability detected (payment gateways, crypto, banking).