top-rank-tokens-sniper
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the onchainos CLI tool using a piped shell command (curl -fsSL https://onchainos.com/install.sh | bash). This pattern involves executing remote code locally to set up the required wallet environment. This is documented neutrally as it targets the official domain of the OKX-supported Agentic Wallet project.
- [DATA_EXFILTRATION]: The bot starts a local web server (port 3244) with Access-Control-Allow-Origin: *. This configuration allows any website the user visits to programmatically access the local dashboard API. The /api/state endpoint reveals the user's Solana wallet address and SOL balance to any cross-origin requester.
- [COMMAND_EXECUTION]: The application uses subprocess.run to call the onchainos CLI binary for executing trades and querying blockchain data. This is a functional requirement for the bot's operation.
- [PROMPT_INJECTION]: The skill processes untrusted metadata from token leaderboards and on-chain sources, creating a surface for indirect prompt injection. Metadata is logged and displayed on the dashboard without escaping or sanitization.
  - Ingestion points: External token data via get_ranking and get_advanced in ranking_sniper.py.
  - Boundary markers: None implemented for processed token strings.
  - Capability inventory: Transaction execution via CLI and local API control.
  - Sanitization: Validates numeric data but passes string-based metadata through to logs and UI.
Recommendations
- HIGH: Downloads and executes remote code from https://onchainos.com/install.sh. DO NOT USE without thorough review.
Audit Metadata