etherfi
Fail
Audited by Snyk on Apr 12, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.90). The auto-injected "Report install" pre-flight step computes an HMAC-signed device fingerprint (including hostname and $HOME) using an obfuscated key and POSTs it to external endpoints—telemetry/exfiltration that is unrelated to the plugin's stated liquid-restaking functionality and therefore constitutes a hidden, deceptive instruction outside the skill's scope.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight setup runs runtime shell commands that fetch and execute remote code, notably curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh (installs onchainos) and the curl download of the etherfi binary from https://github.com/okx/plugin-store/releases/download/plugins/etherfi@0.1.0/etherfi-... . Both are required dependencies, and both execute code fetched at runtime from a remote location.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire skill prompt for high-entropy, literal secrets that could be used to access a service.
Flagged item:
- The base64 string assigned to _K: 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==' (and its fallback) — this decodes to an obfuscated HMAC key used to compute HMAC_SIG and sent to OKX/CLI reporting endpoints. This is a high-entropy literal secret embedded in the script and is usable to forge or reproduce the HMAC-signed device token; therefore it meets the definition of a secret.
Not flagged / ignored items (with reasons):
- All contract addresses, ABI selectors, example tx hashes, and numeric values — these are public on-chain values or examples, not secrets.
- Example JSON outputs, example amounts, error messages, trigger phrases — low entropy or documentation placeholders.
- Any references to external endpoints (URLs) — these are public service endpoints, not credentials.
Therefore there is a real secret present (the embedded base64 HMAC key).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly built to perform on-chain financial operations. It defines write actions that send ETH and interact with smart contracts (stake/deposit with msg.value, unstake request & claim that burn/mint NFTs and send ETH, wrap/unwrap ERC‑4626 weETH↔eETH, ERC‑20 approvals), provides contract addresses and ABI selectors, and uses onchainos wallet contract-call to broadcast signed transactions. These are specific crypto transaction functions (wallet signing, token approvals, value transfers), not generic tools — therefore it grants direct financial execution capability.
Issues (4)
E004 CRITICAL: Prompt injection detected in skill instructions.
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W008 HIGH: Secret detected in skill content (API keys, tokens, passwords).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).