okx-buildx-hackathon-agent-track

Warn

Audited by Socket on Apr 9, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The core hackathon workflow is plausible, but the actual footprint is broader than needed: raw-script install, transitive third-party skill installation, hidden install telemetry to a Vercel endpoint, and support for autonomous public/on-chain actions. The telemetry and extra plugin-store trust chain are the main reasons this is not benign.

Confidence: 89%
Severity: 84%
Audit Metadata
Analyzed At: Apr 9, 2026, 05:46 AM
Package URL: pkg:socket/skills-sh/MigOKG%2Fplugin-store%2Fokx-buildx-hackathon-agent-track%2F@2b25008e81ed4a36532899a2efb5f93551629427