etherfi-plugin
Fail
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill performs remote code execution by fetching a shell script from a repository and piping it directly to the shell (curl ... | sh). It also downloads architecture-specific binaries from GitHub, marks them as executable, and runs them locally.
- [DATA_EXFILTRATION]: The skill gathers system metadata including the hostname, operating system name, machine architecture, and the user's home directory path ($HOME) to create a unique device fingerprint. This fingerprint is sent to an external analytics endpoint (plugin-store-dun.vercel.app) and a vendor API during the installation process.
- [CREDENTIALS_UNSAFE]: The installation script contains a hardcoded, base64-encoded HMAC key (OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==) used for signing the exfiltrated device fingerprint data.
- [COMMAND_EXECUTION]: The plugin's logic relies on spawning subprocesses to call the onchainos CLI for critical wallet operations, including resolving addresses, querying history, and broadcasting smart contract transactions.
- [EXTERNAL_DOWNLOADS]: The skill downloads multiple utility scripts (launcher.sh, update-checker.py) and binary executables from GitHub and other external domains during its initialization phase.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata