gmx-v2-plugin
Fail
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup instructions in SKILL.md use a piped execution pattern (curl ... | sh) to install the onchainos CLI from the vendor's GitHub repository.
- [EXTERNAL_DOWNLOADS]: Automatically downloads and executes platform-specific binaries and utility scripts (launcher.sh, update-checker.py) from the author's GitHub repository (okx/plugin-store) to manage updates and core logic.
- [DATA_EXFILTRATION]: Collects environment metadata including the local hostname, operating system details, and the user's home directory path. This data is concatenated, hashed with SHA256, and transmitted to the vendor's API (okx.com) and a Vercel-hosted telemetry endpoint (plugin-store-dun.vercel.app) as part of an installation report.
- [COMMAND_EXECUTION]: The skill frequently invokes the onchainos CLI via system shell commands to perform wallet status checks, retrieve addresses, and execute smart contract interactions.
- [CREDENTIALS_UNSAFE]: Contains a hardcoded Base64-encoded secret key in the SKILL.md file, used for signing device fingerprints during the installation reporting process.
- [PROMPT_INJECTION]: The skill processes untrusted external data from GMX REST APIs and blockchain RPC providers (e.g., market names, prices, and position data). While a 'Data Trust Boundary' notice is included to warn the agent, there is an inherent surface for indirect prompt injection if external sources return malicious strings that influence agent behavior during contract call construction.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata