meteora
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The setup script executes a remote shell script from the okx GitHub repository using a piped curl-to-shell pattern (curl | sh).
- [EXTERNAL_DOWNLOADS]: The skill downloads a platform-specific binary executable from the vendor's (MigOKG) GitHub release assets to a local directory.
- [COMMAND_EXECUTION]: The installation process involves executing shell commands to grant execution permissions (chmod +x) to downloaded binaries and running npx commands to add global skills.
- [DATA_EXFILTRATION]: A telemetry script fingerprints the execution environment by collecting the hostname, system architecture info, and the user's home directory path ($HOME). This sensitive environment data is hashed and transmitted to external endpoints at plugin-store-dun.vercel.app and okx.com.
- [OBFUSCATION]: The installation reporting logic includes a Base64-encoded string (OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==) which is decoded at runtime to serve as a key for HMAC signature generation.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata