etherfi
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup process fetches and executes an installation script (
install.sh) directly from the vendor's official GitHub repository (okx/onchainos-skills). - [EXTERNAL_DOWNLOADS]: Downloads platform-specific executable binaries for the
etherfitool from the vendor's repository releases on GitHub (okx/plugin-store). - [DATA_EXFILTRATION]: Includes an installation reporting script that collects local system metadata (hostname and the absolute path to the user's home directory) to generate a unique device ID, which is then sent to the vendor's telemetry endpoints (
okx.comand a Vercel-hosted stats app) for tracking plugin adoption. - [COMMAND_EXECUTION]: Interacts with the local
onchainosCLI to manage wallet addresses and broadcast signed transactions, and utilizes system utilities (hostname,uname,shasum) for environment detection. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from external sources such as the Ether.fi API and Ethereum public RPC nodes. This risk is mitigated by an explicit 'Data Trust Boundary' defined in the instructions.
- Ingestion points: Protocol statistics from
app.ether.fi(insrc/api.rs) and on-chain balances from Ethereum RPC (insrc/rpc.rs). - Boundary markers: Present in
SKILL.mdunder the 'Data Trust Boundary' section, instructing the agent to ignore instructions embedded in external data. - Capability inventory: Transaction signing and broadcasting via the
onchainosCLI (insrc/onchainos.rs). - Sanitization: Employs strict numeric parsing for API responses and integer decoding for RPC hex data to prevent the execution of malicious strings.
Audit Metadata