pancakeswap

Fail

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Executes an installation shell script directly from the vendor's GitHub repository via a piped command during initial setup.
  • [EXTERNAL_DOWNLOADS]: Downloads the compiled pancakeswap binary from the vendor's official GitHub releases into the local user environment.
  • [COMMAND_EXECUTION]: Leverages the onchainos CLI tool to perform blockchain transactions and wallet status checks.
  • [DATA_EXFILTRATION]: Transmits installation telemetry, including hashed machine identifiers and system environment metadata, to the developer's reporting endpoints.
  • [OBFUSCATION]: Employs Base64 encoding for a cryptographic key used to sign installation reports within the setup script.
  • [PROMPT_INJECTION]: Processes untrusted external data from blockchain RPC providers and subgraph APIs, presenting an indirect injection surface.
  • Ingestion points: Data is retrieved via eth_call in src/rpc.rs and through subgraph queries in src/commands/positions.rs.
  • Boundary markers: SKILL.md contains a 'Data Trust Boundary' section instructing the agent to treat all external output as untrusted content.
  • Capability inventory: The skill can execute transactions and query wallet states using the onchainos utility.
  • Sanitization: All external network responses are parsed through structured ABI decoding and JSON validation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 12, 2026, 01:15 PM