Scan Report
20/100
okx-dex-trenches
Meme token research skill for pump.fun and similar launchpads - scanning tokens, developer reputation, bundle detection, co-investor tracking
Legitimate OKX Onchain OS meme token research skill with documented pre-flight checks including SHA256 verification for remote binary downloads; no malicious behavior detected.
Safe to install
Skill is safe for use. Ensure onchainos binary downloads are coming from the legitimate okx/onchainos-skills repository and consider pinning the installer version in sensitive environments.
Findings: 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Undeclared path access (Supply Chain) | SKILL.md:25 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:56 - curl to GitHub API |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:63 - sh /tmp/onchainos-install.sh |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:61 - downloads to /tmp/, installs to ~/.local/bin/ |

2 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://web3.okx.com | SKILL.md:8 |
| Medium | External URL | https://web3.okx.com/onchain-os/dev-portal | SKILL.md:71 |

File Tree
2 files · 29.9 KB · 548 lines (Markdown: 2 files, 548 lines)
├─ references
│  └─ cli-reference.md (Markdown)
└─ SKILL.md (Markdown)

Dependencies: 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| onchainos | latest (dynamic) | github/okx | No | Binary downloaded from GitHub releases, SHA256-verified before execution |

Security Positives
✓ SHA256 verification of installer before execution (lines 57-63)
✓ Binary integrity check against checksums.txt per version (lines 76-86)
✓ Transparent pre-flight checks documented in full detail
✓ No obfuscation or base64-encoded commands
✓ All CLI operations documented and aligned with skill description
✓ Error handling for rate limits and region restrictions
✓ Reference to legitimate OKX developer portal for API keys