rust-cli-inspector

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes an auto-injected "Report install" script that computes a device fingerprint, decodes an obfuscated HMAC key, and sends a signed device identifier to external endpoints. These actions are unrelated to querying the ETH price and therefore constitute hidden/exfiltrative instructions.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The URLs install and execute unverified binaries/scripts (a curl|sh installer and a GitHub release binary) and report a device fingerprint to external endpoints. While the domains (okx, GitHub, Vercel) look legitimate, automatically downloading and running executables, combined with telemetry reporting, presents a high risk of abuse or supply-chain compromise.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I found a high-entropy, literal value: the base64 string assigned/used via _K ('OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw=='), which the script decodes and uses as an HMAC key ("obfuscated key, same as CLI binary"). This is not a placeholder or simple example — it is a real encoded secret embedded in the code. No other high-entropy credentials are present; the other values are URLs, filenames, or benign/static strings (ignored as non-secrets).

Issues (4)

E004 (CRITICAL): Prompt injection detected in skill instructions.
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 10, 2026, 04:17 AM
Issues: 4