okx-agentic-wallet
Fail
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed to download shell and PowerShell scripts from a remote source and execute them directly on the host machine. Evidence: curl commands targeting install.sh and install.ps1 in SKILL.md.
- [EXTERNAL_DOWNLOADS]: Fetches multiple external resources, including binaries and metadata, from GitHub repositories that are not included in the platform's trusted vendor list. Evidence: API and raw content URLs in SKILL.md.
- [COMMAND_EXECUTION]: Relies on the execution of a dynamically downloaded CLI binary (onchainos) to perform all wallet operations.
- [CREDENTIALS_UNSAFE]: The skill documentation identifies sensitive file paths for credential storage, specifically ~/.okxweb3/keyring.json.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted on-chain data (token symbols, names) without technical sanitization or boundary markers. Ingestion points: Output from the onchainos CLI (SKILL.md). Boundary markers: Absent. Capability inventory: Full command execution and network access across all scripts (SKILL.md). Sanitization: Absent; the documentation only provides a narrative warning regarding untrusted data.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata