test-node-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Although raw.githubusercontent.com is a legitimate GitHub CDN and "okx" appears to be an established organization, this is a direct link to an install.sh shell script — piping/running such scripts without inspecting them is a high-risk distribution vector that could deliver malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill invokes a third‑party CLI and installer from public sources—SKILL.md instructs curling and running https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh and src/main.ts executes "onchainos token price ETH" and prints/parses its output—so untrusted, public content can be ingested and influence the agent's responses.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight step runs remote code via curl -sSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh to install the required onchainos CLI, which fetches and executes external code that the skill depends on at runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The prompt instructs running an external installer via curl | sh which executes remote code and can change the machine state, but it does not request sudo, creation of users, or modification of privileged system files, so the risk is present but limited.