gmx-v2
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions fetch a shell script from a remote URL and pipe it directly into the shell for execution. The URL points at the `main` branch rather than a tagged commit, so whatever that URL serves at install time runs unreviewed with the installing user's privileges.
  - Evidence: `curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh` in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill downloads a pre-compiled binary (gmx-v2) and other CLI tools from the vendor's GitHub repository during the setup process. The release is pinned to the tag `plugins/gmx-v2@0.2.1`, and the artifact is selected by the `${TARGET}${EXT}` platform suffix.
  - Evidence: `curl -fsSL "https://github.com/okx/plugin-store/releases/download/plugins/gmx-v2@0.2.1/gmx-v2-${TARGET}${EXT}"` in SKILL.md.
- [DATA_EXFILTRATION]: The installation script performs device fingerprinting by collecting the system hostname, operating system, architecture, and the user's home directory path (which normally embeds the username). This data is sent to external telemetry and vendor endpoints.
  - Evidence: `DEV_RAW="$(hostname):$(uname -s):$(uname -m):$HOME"`, used in POST requests to `https://plugin-store-dun.vercel.app/install` and `https://www.okx.com/priapi/v1/wallet/plugins/download/report`.
  - The script uses Base64 encoding to mask an internal HMAC signature key used for reporting. Base64 is an encoding, not encryption: anyone holding the script recovers the key with a single decode, so the masking only defeats casual reading and naive string matching.
- [COMMAND_EXECUTION]: The skill's implementation relies on executing shell commands via the onchainos platform CLI and the project-specific gmx-v2 binary to perform blockchain operations.
- [PROMPT_INJECTION]: The skill retrieves and displays data from external blockchain RPC providers and GMX APIs. This untrusted content is a potential surface for indirect prompt injection attacks.
  - Mitigation: The developer included a security notice regarding untrusted external content in SKILL.md. Such a notice instructs the agent; it does not technically constrain what the agent does with the retrieved content.
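The findings above are the kind of thing a static scan of a skill's SKILL.md and install script can surface before anything is executed. The following is an added example written for this page, not code from Gen Agent Trust Hub or from the skill's vendor: it scans constructed sample files modelled on the evidence quoted above for pipe-to-shell installs, release-binary downloads, device-fingerprint collection, POSTs of collected data to remote hosts, and Base64-masked secrets. The sample contents, the placeholder key (`hypothetical-hmac-key`), the finding labels (`DEVICE_FINGERPRINTING` and `ENCODED_SECRET` are the example's own names; the audit folds both under DATA_EXFILTRATION) and the severity rule in `risk_level` are all assumptions of the example.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample inputs modelled on the evidence quoted in the audit.
# They are illustrative stand-ins, not the real SKILL.md or install.sh of the skill.
SAMPLE_SKILL_MD = """\
## Install
curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh
curl -fsSL "https://github.com/okx/plugin-store/releases/download/plugins/gmx-v2@0.2.1/gmx-v2-${TARGET}${EXT}" -o gmx-v2
"""

SAMPLE_INSTALL_SH = """\
#!/bin/sh
DEV_RAW="$(hostname):$(uname -s):$(uname -m):$HOME"
# hypothetical placeholder key: base64 of "hypothetical-hmac-key"
KEY_B64="aHlwb3RoZXRpY2FsLWhtYWMta2V5"
KEY="$(printf '%s' "$KEY_B64" | base64 -d)"
curl -s -X POST -d "dev=$DEV_RAW" https://plugin-store-dun.vercel.app/install
"""

# curl/wget output piped straight into a shell (optionally via sudo).
PIPE_TO_SHELL = re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")
# Pre-built artifacts fetched from a GitHub release.
RELEASE_DOWNLOAD = re.compile(r"https?://[^\s\"']+/releases/download/[^\s\"']+")
REMOTE_URL = re.compile(r"https?://[^\s\"']+")
# curl request-body flags; combined with POST this marks data leaving the host.
DATA_FLAG = re.compile(r"(?:^|\s)(?:-d|--data(?:-binary|-raw|-urlencode)?)\b")
# Quoted literal that looks like base64 (alphabet only, >= 16 chars, optional padding).
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{16,}={0,2})[\"']")
# Commands and variables commonly combined into a device fingerprint.
FINGERPRINT_TOKENS = ("hostname", "uname", "$HOME", "$USER", "whoami", "machine-id", "ioreg")
SECRET_NAMES = ("KEY", "SECRET", "TOKEN", "HMAC")


@dataclass(frozen=True)
class Finding:
    category: str
    path: str
    line: int
    evidence: str


def _decode_base64_text(token: str) -> Optional[str]:
    """Return the decoded value if token is strict base64 for printable ASCII, else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def scan(path: str, text: str) -> List[Finding]:
    """Line-oriented scan of one file; returns every matching finding in file order."""
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if PIPE_TO_SHELL.search(line):
            findings.append(Finding("REMOTE_CODE_EXECUTION", path, no, stripped))
        release = RELEASE_DOWNLOAD.search(line)
        if release:
            findings.append(Finding("EXTERNAL_DOWNLOADS", path, no, release.group(0)))
        # Two or more fingerprint sources on one line is the usual "collect it all" pattern.
        if sum(1 for tok in FINGERPRINT_TOKENS if tok in line) >= 2:
            findings.append(Finding("DEVICE_FINGERPRINTING", path, no, stripped))
        url = REMOTE_URL.search(line)
        if re.search(r"\bcurl\b", line) and "POST" in line and DATA_FLAG.search(line) and url:
            findings.append(Finding("DATA_EXFILTRATION", path, no, url.group(0)))
        for b64 in B64_LITERAL.finditer(line):
            decoded = _decode_base64_text(b64.group(1))
            # Only flag when the line names something secret-like; avoids hashes and IDs.
            if decoded and any(name in line.upper() for name in SECRET_NAMES):
                findings.append(Finding("ENCODED_SECRET", path, no, f"{b64.group(1)} -> {decoded!r}"))
    return findings


def risk_level(findings: List[Finding]) -> str:
    """Example severity rule (an assumption, not the Trust Hub's): code from the network
    or data leaving the host is HIGH, any other finding is MEDIUM, nothing found is LOW."""
    cats = {f.category for f in findings}
    if cats & {"REMOTE_CODE_EXECUTION", "DATA_EXFILTRATION"}:
        return "HIGH"
    return "MEDIUM" if cats else "LOW"


if __name__ == "__main__":
    results = scan("SKILL.md", SAMPLE_SKILL_MD) + scan("install.sh", SAMPLE_INSTALL_SH)
    for f in results:
        print(f"[{f.category}] {f.path}:{f.line}: {f.evidence}")
    print("Risk Level:", risk_level(results))
```

The scan is deliberately line-based and conservative: it reports what it matched and where, so a reviewer can open the file at that line, and it decodes Base64 literals only to show that the "masked" value is recoverable in place.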
Recommendations
- HIGH: Downloads and executes remote code from https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh. DO NOT USE without thorough review: fetch the script to a file and read it, rather than piping it into a shell, and review what it collects and where it sends it before running anything.
Audit Metadata