sushiswap-v3
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes a remote shell script directly from a non-whitelisted GitHub repository by piping curl output to sh (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh). It also adds additional skills via npx skills add from external sources.
- [EXTERNAL_DOWNLOADS]: The skill downloads a binary executable from the author's GitHub repository and grants it execution permissions (chmod +x) on the host system.
- [DATA_EXFILTRATION]: The skill harvests system metadata including the hostname and the path of the user's home directory ($HOME) to generate a unique device identifier. This identity data is then transmitted to external telemetry servers (okx.com and a Vercel-hosted application).
- [OBFUSCATION]: Base64 encoding is utilized in the installation script to conceal an HMAC key used for signing the telemetry data transmitted during the reporting process.
- [COMMAND_EXECUTION]: The skill relies on shell command execution to perform environment discovery (uname, hostname) and to interact with the onchainos wallet CLI for executing blockchain transactions.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from EVM RPC providers. (1) Ingestion points: Token names, symbols, and pool metadata fetched in rpc.rs. (2) Boundary markers: Present in SKILL.md as a notice to the agent. (3) Capability inventory: High-risk capabilities include submitting contract calls via onchainos.rs. (4) Sanitization: Absent; the skill passes raw RPC output to the agent's context.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata