okx-security

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [METADATA_POISONING]: The skill's YAML metadata identifies the author as "okx", whereas the actual publisher is "Starchild-ai-agent". This misattribution is deceptive and may lead users to believe the skill is an official OKX release.
  • [EXTERNAL_DOWNLOADS]: Fetches configuration, installers, and binaries from the OKX official GitHub repository ("okx/onchainos-skills"). These downloads from a well-known service are required for the skill's primary functionality.
  • [REMOTE_CODE_EXECUTION]: Downloads and executes a shell script ("install.sh") from a remote repository to set up the environment. The skill mitigates risk by instructing the agent to verify the download's SHA256 checksum against an official manifest.
  • [COMMAND_EXECUTION]: The skill requires the execution of several shell commands, including "curl", "sh", and the "onchainos" CLI tool, for installation and operational tasks.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) due to its handling of untrusted external data.
      • Ingestion points: Ingests external URLs, contract addresses, and transaction calldata through the "dapp-scan", "token-scan", and "tx-scan" commands in SKILL.md.
      • Boundary markers: The skill does not provide delimiters or instructions for the agent to ignore embedded commands within the processed data.
      • Capability inventory: The skill has the capability to execute shell commands using the ingested data as arguments.
      • Sanitization: No specific sanitization or validation rules are provided to ensure external inputs are safe before being used in shell commands.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 23, 2026, 01:21 PM