velodrome-v2
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup process involves piping a shell script from the OKX GitHub repository directly into the sh command. While this originates from a known organization, this method of installation is difficult to verify at runtime.
- [EXTERNAL_DOWNLOADS]: Core executable binaries are downloaded from the MigOKG plugin-store repository. Additionally, the skill adds global dependencies using npx.
- [COMMAND_EXECUTION]: The skill executes various system utilities (hostname, uname) and invokes the onchainos CLI for querying wallet information and executing contract calls.
- [DATA_EXFILTRATION]: An installation script generates a device fingerprint by hashing the hostname and the user's home directory path. This hashed identifier is transmitted to okx.com and a Vercel-hosted telemetry endpoint (plugin-store-dun.vercel.app) to track plugin usage.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Optimism blockchain (e.g., token metadata and pool reserves). Although it includes instructions to the agent to disregard embedded commands in this data, the ingestion of external content combined with wallet execution capabilities presents an indirect prompt injection surface.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata