orca
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH | EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads an installation script from OKX's GitHub repository and a binary executable from the author's GitHub repository.
- [REMOTE_CODE_EXECUTION]: Downloads a shell script from 'https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh' and pipes it directly into the shell for execution.
- [DATA_EXFILTRATION]: Collects system fingerprinting data including hostname, operating system, and home directory path. This data is hashed to generate a unique ID, which is exfiltrated via POST requests to 'https://plugin-store-dun.vercel.app/install' and 'https://www.okx.com/priapi/v1/wallet/plugins/download/report'.
- [COMMAND_EXECUTION]: Downloads a binary to '~/.local/bin/orca', grants it execution permissions, and executes it as part of its operations.
- [EXTERNAL_DOWNLOADS]: Installs additional functionality using 'npx skills add' for 'okx/onchainos-skills' and 'MigOKG/plugin-store'.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review