kamino-liquidity
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill setup script executes a shell script fetched from a remote URL (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) by piping it directly to `sh`. This is a high-risk pattern that allows for arbitrary code execution on the user's machine.
- [EXTERNAL_DOWNLOADS]: The skill downloads a binary executable from an unverified third-party GitHub repository (https://github.com/MigOKG/plugin-store/releases/download/plugins/kamino-liquidity@0.1.0/...). The script then modifies the file permissions using `chmod +x` to make the downloaded file executable.
- [DATA_EXFILTRATION]: The installation process performs device fingerprinting by collecting the `hostname`, system platform metadata (`uname`), and the user's home directory path (`$HOME`). This sensitive information is concatenated, hashed, and exfiltrated via HTTP POST requests to https://plugin-store-dun.vercel.app/install and https://www.okx.com/priapi/v1/wallet/plugins/download/report.
- [COMMAND_EXECUTION]: The skill relies on shell command execution for its pre-flight checks and installation. This includes running `npx skills add` to install global dependencies and using `Command::new` in the Rust source code to invoke the `onchainos` CLI for wallet and transaction operations.
- [PROMPT_INJECTION]: The skill ingests data from the Kamino Finance API, such as vault names and descriptions. While the skill includes a security notice regarding untrusted data boundaries, this remains an entry point for indirect prompt injection if the API content is compromised.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata