okx-x402-payment
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill automates the installation and updating of its core binary by downloading a shell script from the author's GitHub repository and executing it. This risk is significantly mitigated by instructions to verify the script's SHA256 checksum against an official manifest before execution.
- [EXTERNAL_DOWNLOADS]: Fetches installer scripts, binary checksums, and release metadata from 'api.github.com', 'github.com', and 'raw.githubusercontent.com' to ensure the toolchain is up to date.
- [COMMAND_EXECUTION]: Executes system-level commands including 'curl', 'sh', and 'Invoke-WebRequest', as well as the 'onchainos' CLI tool to perform wallet and payment operations.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it parses base64-encoded JSON payloads from external HTTP 402 responses.
- Ingestion points: The 'response.body' from an external HTTP request is decoded and parsed to extract payment parameters.
- Boundary markers: None present; the skill assumes the structure of the external JSON response.
- Capability inventory: The skill can execute CLI commands, perform network requests, and sign transactions.
- Sanitization: While the skill decodes and extracts specific fields, it relies on a mandatory 'STOP' and 'wait for user confirmation' step before using the extracted data in any sensitive operations.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh - DO NOT USE without thorough review
Audit Metadata