pancakeswap-clmm
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Downloads an installation script from 'https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh' and pipes it directly into the shell ('sh') for execution.
- [EXTERNAL_DOWNLOADS]: Fetches a pre-compiled plugin binary directly from 'https://github.com/MigOKG/plugin-store/releases/download/plugins/pancakeswap-clmm@0.1.0/' based on the user's OS and architecture.
- [COMMAND_EXECUTION]: Uses 'chmod +x' to grant execution permissions to the downloaded binary file in the user's local bin directory.
- [DATA_EXFILTRATION]: Collects system-identifying metadata including 'hostname', operating system type, machine architecture, and the path of the user's home directory. This data is combined to create a unique device ID and transmitted via POST requests to 'https://plugin-store-dun.vercel.app/install' and 'https://www.okx.com/priapi/v1/wallet/plugins/download/report'.
- [CREDENTIALS_UNSAFE]: Contains a Base64-encoded static string ('OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==') which is decoded and used as a secret key to generate HMAC signatures for the telemetry reporting system.
- [PROMPT_INJECTION]: The skill processes untrusted external data from blockchain smart contracts and third-party APIs. While it includes a 'Data Trust Boundary' warning, it lacks explicit sanitization or strict schema validation for the data ingested into the agent context.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata