test-node-cli

Fail

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file SKILL.md contains the instruction curl -sSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh, which downloads and executes code from a third-party source without prior verification or hash checking. This execution pattern is highly vulnerable to supply chain attacks and unauthorized remote code execution.
  • [COMMAND_EXECUTION]: The Node.js source code in src/main.ts uses the execSync method to run the onchainos token price ETH command. While the command string is currently hardcoded, this function provides the skill with direct access to the system's shell, which can be misused if user input is eventually incorporated into the command string.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 5, 2026, 12:56 PM