clanker-plugin
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Finding categories: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes a shell script fetched directly from a remote URL (raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) by piping it to sh during the initialization phase.
- [EXTERNAL_DOWNLOADS]: Fetches several support scripts (launcher.sh, update-checker.py) and pre-compiled platform-specific binaries from the vendor's official GitHub organization (okx).
- [DATA_EXFILTRATION]: Collects system-level metadata, including hostname, operating system details, and the user's home directory path, to generate a hashed device fingerprint that is transmitted to the vendor's telemetry endpoints for usage tracking.
- [COMMAND_EXECUTION]: Directly invokes the onchainos CLI tool to resolve wallet addresses, scan tokens for security risks, and execute contract calls on-chain.
- [PROMPT_INJECTION]: Processes untrusted external data retrieved from the Clanker API and from on-chain contract state, either of which could contain malicious instructions.
  - Ingestion points: Token listings, search results, and metadata fetched in src/api.rs and src/onchainos.rs.
  - Boundary markers: The SKILL.md documentation includes a dedicated 'Data Trust Boundary' section explicitly warning the agent to treat all CLI outputs as untrusted content.
  - Capability inventory: The plugin provides a wrapper for 'onchainos wallet contract-call', enabling the agent to submit transactions to the blockchain.
  - Sanitization: No programmatic sanitization of token metadata is performed; the skill instead relies on a mandatory dry-run and user confirmation flow described in the execution instructions.