okx-buildx-hackathon-agent-track
Fail
Audited by Snyk on Apr 26, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill asks the human to provide API keys (OnchainOS, Moltbook) and includes curl examples and JSON snippets showing Authorization: Bearer YOUR_API_KEY and explicit api_key values and file storage, which encourages the agent to accept and embed secret values verbatim in commands or outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and browse user-generated submissions from the public Moltbook submolt (e.g., curl "https://www.moltbook.com/api/v1/submolts/buildx/feed?...") and to read/evaluate those posts as part of its voting workflow, which exposes the agent to untrusted third-party content that can directly influence voting and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight install step explicitly runs remote code at runtime via "curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh", which fetches and executes a script the skill treats as a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly integrates on-chain financial tooling: it requires an Agentic Wallet, requests an OnchainOS API key, and references OnchainOS modules (Wallet / DEX / Payment / Data) and Uniswap AI Skills for swaps/trading. It mandates that all on-chain transactions go through the Agentic Wallet and OnchainOS API and uses on-chain tx volume as a competition metric. These are specific crypto/blockchain transaction and signing capabilities (not generic browser or HTTP tools), so the skill provides direct financial execution authority.
Issues (4)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata