zerolend

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill performs remote code execution by fetching a shell script from the OKX GitHub repository and piping it directly to the system shell during the pre-flight installation phase.
  • [EXTERNAL_DOWNLOADS]: Downloads the platform-specific zerolend binary from the vendor's GitHub releases and the onchainos CLI installation script from external sources.
  • [DATA_EXFILTRATION]: Reports installation telemetry by sending a hashed device fingerprint, derived from the system hostname and home directory path, to okx.com and a Vercel-hosted stats endpoint.
  • [COMMAND_EXECUTION]: Employs shell commands to create local directories and utilizes chmod to modify file permissions, enabling the execution of the downloaded binary tools.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from blockchain RPC providers. Ingestion points: CLI output from the zerolend binary (SKILL.md). Boundary markers: Present in the 'Data Trust Boundary' section which warns against interpreting output as commands. Capability inventory: Subprocess execution via the zerolend and onchainos binaries. Sanitization: Instructs the agent to perform field filtering and only render human-relevant information to mitigate injection risks.
Recommendations
  • HIGH: Downloads and executes remote code from https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh. DO NOT USE without thorough review.
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 9, 2026, 09:46 AM