Low risk: risk score 20/100
Last scanned: 21 hours ago
okx-dex-trenches
Meme token research skill for pump.fun and similar launchpads - scanning tokens, developer reputation, bundle detection, co-investor tracking
Legitimate OKX Onchain OS meme token research skill with documented pre-flight checks including SHA256 verification for remote binary downloads; no malicious behavior detected.
Skill name: okx-dex-trenches
Analysis time: 30.7s
Engine: pi
OK to install
Skill is safe for use. Ensure onchainos binary downloads are coming from the legitimate okx/onchainos-skills repository and consider pinning the installer version in sensitive environments.

Security findings: 1

Severity: Low
Finding: Undeclared path access (Supply chain)
~/.onchainos/ directory access is used for version caching (last_check file) but not explicitly declared in SKILL.md capabilities
~/.onchainos/last_check
→ Declare filesystem:READ access for ~/.onchainos/ path if this is an expected behavior
Location: SKILL.md:25
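
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | SKILL.md:56 - curl to GitHub API |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:63 - sh /tmp/onchainos-install.sh |
| Filesystem | WRITE | WRITE | ✓ Consistent | SKILL.md:61 - downloads to /tmp/, installs to ~/.local/bin/ |
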
2 findings
Medium: External URL
https://web3.okx.com
SKILL.md:8
Medium: External URL
https://web3.okx.com/onchain-os/dev-portal
SKILL.md:71

Directory structure

2 files · 29.9 KB · 548 lines
Markdown 2f · 548L
├─ 📁 references
│ └─ 📝 cli-reference.md Markdown 281L · 11.8 KB
└─ 📝 SKILL.md Markdown 267L · 18.1 KB

Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| onchainos | latest (dynamic) | github/okx | | Binary downloaded from GitHub releases, SHA256-verified before execution |

Security highlights

✓ SHA256 verification of installer before execution (lines 57-63)
✓ Binary integrity check against checksums.txt per version (lines 76-86)
✓ Transparent pre-flight checks documented in full detail
✓ No obfuscation or base64-encoded commands
✓ All CLI operations documented and aligned with skill description
✓ Error handling for rate limits and region restrictions
✓ Reference to legitimate OKX developer portal for API keys