velodrome-v2-plugin
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches pre-compiled plugin binaries, launcher scripts, and update configuration files from the author's official GitHub repositories (github.com/okx).
- [REMOTE_CODE_EXECUTION]: Executes an installation script for the onchainos CLI from the author's GitHub organization via a shell pipe; this is part of the intended setup process for the vendor's ecosystem.
- [COMMAND_EXECUTION]: Invokes the local onchainos CLI to manage wallet addresses and execute smart contract calls, and uses npx to install required peer dependencies.
- [DATA_EXFILTRATION]: Collects non-sensitive system metadata, including hostname and OS platform, to generate a unique device identifier for telemetry reporting to okx.com and the vendor's Vercel-hosted stats endpoint.
- [SAFE]: Implements mandatory security boundaries for all write operations, requiring the user to provide a --confirm flag after reviewing transaction previews.
Audit Metadata