Skills
skills/okx/plugin-store/pancakeswap-v2-plugin/Gen Agent Trust Hub

pancakeswap-v2-plugin

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's installation process includes fetching a shell script from the vendor's GitHub repository and piping it to the shell for execution (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh). This is an expected setup step for the vendor's toolchain.
  • [EXTERNAL_DOWNLOADS]: The skill downloads its core binary, a launcher script, and an update checker from the vendor's GitHub releases and scripts directories (github.com/okx/plugin-store).
  • [COMMAND_EXECUTION]: The plugin frequently executes local onchainos CLI commands to resolve wallet addresses and submit smart contract calls. It also uses npx to manage and install other vendor-related skills.
  • [DATA_EXFILTRATION]: The plugin communicates with well-known blockchain RPC endpoints (such as publicnode.com) and vendor-owned GitHub repositories to retrieve prices, reserves, and version information. No sensitive user credentials or private data are transmitted externally.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 02:22 PM