okx-dex-token
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes an installer script (
install.shorinstall.ps1) fromhttps://raw.githubusercontent.com/okx/onchainos-skills/. This pattern allows for the execution of arbitrary code from a remote source on the user's machine. - [EXTERNAL_DOWNLOADS]: The skill fetches several external resources, including the installer script, binary checksums (
installer-checksums.txt), and the application binary itself from GitHub releases. - [COMMAND_EXECUTION]: The skill heavily relies on shell command execution, using
curl,sh, and PowerShell to manage tool installation, versioning, and integrity checks. - [METADATA_POISONING]: The YAML frontmatter in
SKILL.mdidentifies the author as 'okx', which contradicts the identified author 'Starchild-ai-agent'. This discrepancy can mislead users regarding the origin and safety of the skill. - [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes untrusted token data (names, symbols, and tags) from on-chain sources via the CLI tool.
- Ingestion points: Data returned from
onchainos token searchandtoken advanced-info(e.g.,tokenTags). - Boundary markers: None are defined in the instructions to separate untrusted data from agent instructions.
- Capability inventory: The skill utilizes shell execution and network access across its primary logic.
- Sanitization: No sanitization or escaping mechanisms are prescribed for the retrieved data.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata