aave-v3-plugin

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The links are direct downloads (raw .sh, .py and a GitHub release binary) from the okx GitHub organization — a legitimate, well-known vendor — but they include curl|sh and executable release artifacts which present a meaningful risk if the repository or release assets are compromised or if you run them without inspection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and interprets external, untrusted data — e.g., SKILL.md and src/commands show it resolves Pool addresses and reads user account data via public RPC endpoints (plugin.yaml api_calls and rpc/get_pool / Pool.getUserAccountData) and calls onchainos/OKX defi APIs (defi_positions, defi_collect) whose values (health factor, available borrows, positions) directly influence warnings, dry-run vs execute decisions, and transaction submission.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight install steps fetch and execute remote code at runtime (notably curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh and the GitHub release download https://github.com/okx/plugin-store/releases/download/plugins/aave-v3-plugin@0.2.7/aave-v3-plugin-... ), which installs required binaries/launchers that will run locally—this is a runtime dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations for Aave V3: it constructs ABI calldata, performs ERC-20 approvals, and executes transactions (supply, withdraw, borrow, repay, set-collateral, set-emode, claim-rewards) via onchainos wallet contract-call and the aave-v3-plugin binary. It supports an execution flag (--confirm) to broadcast transactions from the user's wallet and returns txHashes. These are direct crypto/blockchain transaction capabilities (wallet signing and token transfers), not generic tooling.