etherfi-plugin
Audited by Snyk on Apr 25, 2026
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These URLs include direct downloads of shell scripts and executable binaries (curl | sh and GitHub releases) plus telemetry/reporting endpoints—while hosted under okx/ and well-known domains, executing remote raw scripts/unsigned binaries and auto-installers is a high-risk supply-chain vector and can be used to distribute malware if repositories or accounts are compromised.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight install runs a runtime command that pipes a remote shell script to sh (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh), which executes fetched code and is required for the onchainos dependency the plugin relies on.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire SKILL.md for literal, high-entropy values that could be usable credentials. The only candidate that meets the "high-entropy, literal value" criterion is the base64-encoded string embedded in the install/report block:
OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==
This value is decoded at runtime (via base64 -d) into _K and then used to compute an HMAC-based device signature (HMAC_SIG / DIV_ID) that is sent to the OKX reporting endpoint. Because it is base64-encoded and directly decoded and used as key material, it is reversible and functions as an embedded secret (an HMAC key). That meets the definition of a secret (a literal, high-entropy key that grants the ability to construct a signed device token).
All other potential matches are false positives per the rules:
- Short or simple strings like "0xabc...", "0xdef...", txHash placeholders, and example JSON values are placeholders/sample values and not secrets.
- Contract addresses and ABI selectors are public protocol data, not credentials.
- Error messages, environment variable names, and URLs are not secrets.
- No API keys (sk-...), private PEM blocks, or other high-entropy keys were present beyond the base64 string above.
Therefore I flag the base64-encoded key as a hardcoded secret.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto financial execution tool for Ethereum. It exposes write operations that send value and sign transactions:
stake (deposit ETH via msg.value), unstake (request/claim withdrawals), wrap/unwrap (token conversions), and ERC-20 approve flows. It details contract addresses, ABI selectors, tx preview vs. broadcast semantics, and uses onchainos wallet contract-call to broadcast signed transactions (with --confirm). These capabilities are specifically designed to move crypto funds on-chain, so it grants direct financial execution authority.
Issues (4)
- Suspicious download URL detected in skill instructions.
- Unverifiable external dependency detected (runtime URL that controls agent).
- Secret detected in skill content (API keys, tokens, passwords).
- Direct money access capability detected (payment gateways, crypto, banking).