Skills
skills/okx/plugin-store/kamino-lend-plugin/Gen Agent Trust Hub

kamino-lend-plugin

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches configuration files, an installation shell script, and a platform-specific binary executable from the vendor's official GitHub repositories (okx/plugin-store and okx/onchainos-skills). These downloads are used to set up the execution environment for the skill.
  • [REMOTE_CODE_EXECUTION]: Downloads and executes a shell script (install.sh) from the vendor's repository by piping curl output to sh. This is performed to bootstrap the onchainos CLI if it is not already present on the system.
  • [COMMAND_EXECUTION]: The skill executes local commands to manage its installation, including chmod to set executable permissions and ln for symlinking the binary. It also frequently invokes the onchainos CLI to perform wallet-related tasks such as checking SOL/SPL balances, retrieving transaction history, and broadcasting signed transactions.
  • [DATA_EXFILTRATION]: Performs network requests to several external DeFi services including api.kamino.finance, yields.llama.fi, and api.jup.ag. These connections are necessary for the skill's primary functions: fetching lending rates, obligation status, and token swap quotes for interest shortfall recovery.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 02:14 PM