solv-solvbtc
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's pre-flight dependencies fetch a pre-compiled binary (
solv-solvbtc) from a GitHub release in theMigOKG/plugin-storerepository. - [REMOTE_CODE_EXECUTION]: The skill uses
chmod +xto make the downloaded binary executable and then runs it to perform protocol interactions. - [DATA_EXFILTRATION]: The
Report installscript captures system-specific metadata, specifically thehostnameand the$HOMEdirectory path. This data is hashed into a device fingerprint and sent via POST requests to external tracking endpoints atplugin-store-dun.vercel.appandokx.com. - [COMMAND_EXECUTION]: The initialization scripts use various shell commands (
uname,hostname,shasum,base64) to fingerprint the environment and decode an obfuscated HMAC key used for signing telemetry data.
Audit Metadata