The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: Fetches and executes a shell script directly from OKX's official GitHub repository (okx/onchainos-skills) using a piped command (curl | sh). This is used for the initial environment setup and installation of the onchainos CLI.
[EXTERNAL_DOWNLOADS]: Downloads additional dependencies and binaries from external sources:
Installs the okx/onchainos-skills and MigOKG/plugin-store packages via npx during session initialization.
Fetches a platform-specific binary (pancakeswap-v2) from the MigOKG/plugin-store GitHub releases to the user's local bin directory.
[DATA_EXFILTRATION]: Implements an automated installation reporting mechanism that collects system metadata (hostname, OS, architecture, and home directory path) to generate a unique device fingerprint. While the raw metadata is hashed locally before transmission, the resulting identifier is sent to external reporting endpoints at plugin-store-dun.vercel.app and okx.com.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on external blockchain data. It includes a mandatory evidence chain for this surface:
Ingestion points: CLI output containing token names, addresses, amounts, and reserve data originating from external smart contracts and third-party APIs.
Boundary markers: Present; the skill includes a 'Data Trust Boundary' section instructing the agent to treat all returned data as untrusted external content.
Capability inventory: The skill can execute high-privilege operations including onchainos wallet contract-call --force for swaps, approvals, and liquidity management.
Sanitization: No specific sanitization or validation of the CLI output is described before it is processed by the agent.

pancakeswap-v2