Skills
skills/okx/plugin-store/okx-buildx-hackathon-agent-track/Gen Agent Trust Hub

okx-buildx-hackathon-agent-track

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions and README include commands to download and execute setup scripts directly from the vendor's official GitHub repositories: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh and https://raw.githubusercontent.com/okx/plugin-store/main/install-local.sh.
  • [EXTERNAL_DOWNLOADS]: The setup.sh script and skill instructions fetch documentation and reference markdown files from established vendor domains and partners, including web3.okx.com, moltbook.com, and docs.uniswap.org.
  • [COMMAND_EXECUTION]: The skill implements a session-level version check in SKILL.md that uses curl to fetch the current version from the vendor's repository and triggers an update via npx skills add if the local version is outdated.
  • [COMMAND_EXECUTION]: Instructions direct the agent to install necessary hackathon dependencies and CLI tools using npx skills add, specifically for okx/onchainos-skills and okx/plugin-store.
  • [SAFE]: The skill includes explicit security warnings to the agent regarding credential safety, instructing it never to leak API keys or wallet private keys, and provides guidance on verifying third-party project submissions before interacting with them.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 12:35 PM