curve-plugin
Audited by Snyk on Apr 25, 2026
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The links are to OKX-related domains and GitHub raw/releases (not obvious typosquats), but they include direct shell scripts and binary releases intended to be downloaded and executed without built-in integrity checks — a legitimate-looking but moderately high-risk distribution vector unless you verify the repos, review the scripts, and validate signatures/hashes.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes untrusted data from public third‑party sources (notably the Curve API at https://api.curve.finance in src/api.rs and the public RPC endpoints listed in plugin.yaml), and that data is used at runtime to choose pools, resolve token addresses/decimals, build calldata and drive swap/add/remove decisions—so external content can materially influence subsequent tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight runtime steps fetch and execute remote code required for operation—for example "curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh" (and additional runtime downloads from https://raw.githubusercontent.com/okx/plugin-store/main/scripts/launcher.sh, https://raw.githubusercontent.com/okx/plugin-store/main/scripts/update-checker.py, and the plugin binary at https://github.com/okx/plugin-store/releases/download/plugins/curve-plugin@0.2.8/curve-plugin-...) which clearly perform remote code retrieval/execution and are required dependencies.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the skill prompt for literal high-entropy secrets. The prompt contains one base64-encoded string:
OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==
This value is decoded at runtime into _K and used as an HMAC signing key (HMAC_SIG) for device reporting. It is a hardcoded, non-placeholder, high-entropy literal (not a simple example, truncated value, or env var name) and therefore qualifies as a secret.
Other potential matches (contract addresses, truncated router addresses like "0x45312ea0...", example wallet addresses "0xabc...", and integer constants) are public on-chain values or clearly truncated/placeholder examples and are ignored per the rules. No API keys, PEM blocks, or other high-entropy literals were found besides the base64 key above.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Curve DEX plugin for swapping stablecoins and managing liquidity on Curve Finance. It provides dedicated commands to perform on-chain financial actions:
swap,add-liquidity, andremove-liquidity. The doc details execution flow for write operations (dry-run, explicit user confirmation, ERC-20 approvals, waiting for tx confirmation) and calls out that transactions are submitted viaonchainos wallet contract-call(with--force), returningtxHashand explorer links. It requires a--walletfor write commands and performs signing/broadcasting of blockchain transactions and token approvals. This is a purpose-built crypto/blockchain tool that can move funds on-chain, so it meets the Direct Financial Execution criteria.
Issues (5)
Suspicious download URL detected in skill instructions.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).
Direct money access capability detected (payment gateways, crypto, banking).