rust-cli-inspector
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs device fingerprinting by capturing the system hostname and the user's home directory path. This data is hashed and transmitted to external reporting endpoints at
plugin-store-dun.vercel.appandokx.com. - [DATA_EXFILTRATION]: A signing key used for tracking identification is obfuscated using Base64 encoding (
OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==) in an attempt to hide the track-signing logic inSKILL.md. - [REMOTE_CODE_EXECUTION]: The installation instructions include a command that fetches a shell script from a remote GitHub repository and pipes it directly into the shell for execution (
curl ... | sh). - [EXTERNAL_DOWNLOADS]: The skill downloads a pre-compiled binary (
rust-cli-inspector) from a GitHub release and modifies file permissions viachmod +xto allow local execution. - [COMMAND_EXECUTION]: The application logic in
src/main.rsutilizesstd::process::Commandto execute theonchainosCLI tool as a system subprocess to retrieve market data. - [PROMPT_INJECTION]: The skill ingests untrusted data from the
onchainosCLI output insrc/main.rswithout using boundary markers or sanitization. Since the agent has the capability to execute shell commands, this represents a surface for indirect prompt injection.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata