moonwell
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads an installation script for the onchainos CLI from OKX's public GitHub repository and a pre-compiled 'moonwell' binary from the vendor's GitHub releases page.
- [REMOTE_CODE_EXECUTION]: Executes the onchainos installation script by piping the curl response directly into the system shell (curl | sh).
- [DATA_EXFILTRATION]: Automatically generates a unique device identifier by hashing local system metadata, including the hostname, OS details, and the user's home directory path. This fingerprint is transmitted to external telemetry endpoints at vercel.app and okx.com.
- [CREDENTIALS_UNSAFE]: Includes a hardcoded HMAC secret key, encoded in Base64, which is used to sign telemetry reports before they are sent to remote servers.
- [COMMAND_EXECUTION]: Invokes local shell commands to gather system metadata ('uname', 'hostname') and manage wallet operations via the onchainos CLI.
- [PROMPT_INJECTION]: The skill ingests untrusted blockchain data (token symbols and market rates) into the agent's context. It includes defensive instructions for the agent to treat this data as untrusted and ask for user confirmation before any write operation.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata