lido
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the lido binary and the onchainos installation script from official OKX GitHub repositories.
- [REMOTE_CODE_EXECUTION]: Executes the vendor's installation script via a shell pipe (curl | sh). This is an expected installation pattern for the vendor's tooling.
- [DATA_EXFILTRATION]: Sends installation telemetry, consisting of a hashed device identifier, to the vendor's official API (okx.com) and a Vercel-hosted deployment. This telemetry does not include credentials or sensitive user data.
- [COMMAND_EXECUTION]: Uses the onchainos CLI to query wallet data and submit contract calls. All state-changing transactions require the user to provide the --confirm flag, ensuring the agent cannot act without oversight.
Audit Metadata