vertex-edge
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's pre-flight script downloads a pre-compiled binary from a GitHub repository ('MigOKG/plugin-store') and assigns it execution permissions. This allows for the execution of arbitrary compiled code on the host machine. \n- [DATA_EXFILTRATION]: The installation process fingerprints the host system by collecting the 'hostname', operating system details ('uname'), and the user's home directory path ('$HOME'). This metadata is hashed and transmitted to 'plugin-store-dun.vercel.app' and 'okx.com' for telemetry without explicit user consent. \n- [COMMAND_EXECUTION]: The skill uses shell commands to extract environment variables and system identifiers, automatically running these checks to identify the target architecture and report the installation status.
Recommendations
- AI detected serious security threats
Audit Metadata