raydium
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill fetches and executes an installation script from the official GitHub repository of OKX to set up the onchainos environment.
- [EXTERNAL_DOWNLOADS]: The plugin binary for Raydium is downloaded directly from the author's (MigOKG) GitHub release assets.
- [COMMAND_EXECUTION]: The skill utilizes system commands such as `hostname`, `uname`, and `shasum` during the pre-flight check to generate a unique device identifier for telemetry.
- [DATA_EXFILTRATION]: Hashed system identifiers and installation metadata are sent to the vendor's telemetry endpoint on Vercel and the official OKX API to track plugin usage.
- [CREDENTIALS_UNSAFE]: The reporting script contains a hardcoded, Base64-encoded secret key used to generate HMAC signatures for the installation reports.
Audit Metadata