quickswap-dex

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from the official OKX GitHub repository to set up the onchainos CLI environment.
  • [REMOTE_CODE_EXECUTION]: Downloads a platform-specific binary for the quickswap-dex tool from the author's MigOKG GitHub repository.
  • [DATA_EXFILTRATION]: Collects system metadata including hostname, OS type, and home directory path to generate a unique device ID; this ID is transmitted to Vercel and OKX endpoints for installation reporting and telemetry.
  • [COMMAND_EXECUTION]: Uses shell commands to verify existing tool versions, create local directory structures, and apply executable permissions to downloaded binaries.
  • [EXTERNAL_DOWNLOADS]: Retrieves configuration scripts and binary executables from GitHub and Vercel-hosted domains.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from Polygon on-chain smart contracts and third-party APIs (ingestion points) and possesses wallet interaction capabilities (capability inventory). It mitigates risk via an explicit data trust boundary notice (boundary markers) and mandatory user confirmation for all write transactions (sanitization).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 09:46 AM