Skill Trust Decision

okx-security

OKX Web3 security scanning skill with documented remote script download/execution from GitHub, creating significant supply chain attack surface despite SHA256 verification.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026
Files 5
Artifacts 7
Violations 0
Findings 3

Why this conclusion was reached

0/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

7 lower-risk artifacts were extracted and still need context.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Remote script execution +20

Downloads and executes install.sh from raw.githubusercontent.com, creating supply chain attack surface

Unpinned latest version fetch +10

Always fetches 'latest' tag from GitHub API rather than using pinned version

Wide operational scope +10

onchainos binary covers security + wallet/DeFi operations; compromise could enable unauthorized transactions

Most important evidence

Medium Supply Chain

Remote installer download and execution

Skill downloads install.sh from raw.githubusercontent.com and executes it via shell. While SHA256 verification is performed, the attack surface remains significant if GitHub infrastructure or the repo is compromised.

SKILL.md:19
Consider distributing the binary as a bundled asset within the skill package itself, or pinning to a specific verified release tag rather than always fetching 'latest'.

Medium Supply Chain

Dynamic 'latest' version resolution

Skill fetches the latest stable release tag from GitHub API on every session. This creates non-deterministic behavior where the installed binary can change between runs, increasing supply chain exposure.

SKILL.md:15
Pin to a specific version tag (e.g., v2.0.0) and update only after security review of new releases.

Low Sensitive Access

onchainos binary scope exceeds security scanning

The onchainos CLI covers wallet operations, swaps, and contract calls beyond just security scanning. If the binary is compromised, these capabilities could be abused for unauthorized transactions.

SKILL.md:1
Restrict onchainos binary to security commands only if feasible, or document that the broader CLI is a trusted OKX dependency.

Declared capability vs actual capability

Network Pass
Declared READ
Inferred READ
SKILL.md:curl GitHub API, raw.githubusercontent.com downloads
Shell Pass
Declared WRITE
Inferred WRITE
SKILL.md:sh /tmp/onchainos-install.sh
Filesystem Pass
Declared WRITE
Inferred WRITE
SKILL.md:Downloads to /tmp, installs to ~/.local/bin, stores cache in ~/.onchainos/
Skill Invoke Pass
Declared READ
Inferred READ
SKILL.md:Integrates with okx-agentic-wallet for wallet operations
Environment Pass
Declared NONE
Inferred NONE
No env access detected in reference files or SKILL.md

Suspicious artifacts and egress

Medium External URL
https://web3.okx.com

SKILL.md:8

Medium External URL
https://web3.okx.com/onchain-os/dev-portal

SKILL.md:71

Medium External URL
https://some-dapp.xyz

references/risk-domain-detection.md:14

Medium External URL
https://suspicious-defi.xyz

references/risk-domain-detection.md:42

Medium Wallet Address
0x6982508145454Ce325dDbE47a25d4ec3d2311933

references/risk-token-detection.md:130

Medium Wallet Address
0x25d887Ce7a35172C62FeBFD67a1856F20FaEbB00

references/risk-token-detection.md:131

Medium Wallet Address
0xdAC17F958D2ee523a2206206994597C13D831ec7

references/risk-token-detection.md:145

Dependencies and supply chain

Package: onchainos-skills
Version: latest (dynamic)
Source: GitHub releases
Known vuln: No
Notes: Dynamic 'latest' tag resolution; SHA256 verification performed

File composition

5 files · 648 lines
Markdown 5 files · 648 lines
Files of concern · 3
references/risk-token-detection.md Markdown · 182 lines
0x6982508145454Ce325dDbE47a25d4ec3d2311933 · 0x25d887Ce7a35172C62FeBFD67a1856F20FaEbB00 · 0xdAC17F958D2ee523a2206206994597C13D831ec7
SKILL.md Markdown · 151 lines
Remote installer download and execution · Dynamic 'latest' version resolution · onchainos binary scope exceeds security scanning · https://web3.okx.com · https://web3.okx.com/onchain-os/dev-portal
references/risk-domain-detection.md Markdown · 57 lines
https://some-dapp.xyz · https://suspicious-defi.xyz
Other files · risk-transaction-detection.md · risk-approval-monitoring.md

Security positives

SHA256 verification of downloaded installer and binary before execution
Comprehensive documentation of all behaviors in SKILL.md - no hidden functionality detected
Fail-safe principle: blocks transactions if security scan fails
Risk action priority rule clearly defined (block > warn > safe)
Reference files document all risk item types and interpretations
No obfuscation, base64 payloads, or anti-analysis patterns found
References are pure documentation with no executable code
No credential harvesting or sensitive file access detected
No direct IP network requests or C2 communication patterns