Security Decision Report

okx-security

OKX Web3 security scanning skill with documented remote script download/execution from GitHub, creating significant supply chain attack surface despite SHA256 verification.

Install decision first · Source: manual upload · Scan time: 2026/4/4
Files 5
IOC 7
Over-privileged items 0
Findings 3

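Why this conclusion was reached

0/4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are largely consistent.

Review
Hidden execution and outbound connections

7 general-risk artifacts were extracted; they need to be judged in context.

Pass
Attack chains and high-severity findings

No clear malicious path was formed.

Pass
Dependency and supply-chain hygiene

A dependency structure exists, but no obvious high-severity alerts have been seen so far.

What raised the risk score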

Remote script execution +20

Downloads and executes install.sh from raw.githubusercontent.com, creating supply chain attack surface

Unpinned latest version fetch +10

Always fetches 'latest' tag from GitHub API rather than using pinned version

Wide operational scope +10

onchainos binary covers security + wallet/DeFi operations; compromise could enable unauthorized transactions

Key evidence

Medium · Supply chain

Remote installer download and execution

Skill downloads install.sh from raw.githubusercontent.com and executes it via shell. While SHA256 verification is performed, the attack surface remains significant if GitHub infrastructure or the repo is compromised.

SKILL.md:19
Consider distributing the binary as a bundled asset within the skill package itself, or pinning to a specific verified release tag rather than always fetching 'latest'.

Medium · Supply chain

Dynamic 'latest' version resolution

Skill fetches the latest stable release tag from GitHub API on every session. This creates non-deterministic behavior where the installed binary can change between runs, increasing supply chain exposure.

SKILL.md:15
Pin to a specific version tag (e.g., v2.0.0) and update only after security review of new releases.

Low · Sensitive access

onchainos binary scope exceeds security scanning

The onchainos CLI covers wallet operations, swaps, and contract calls beyond just security scanning. If the binary is compromised, these capabilities could be abused for unauthorized transactions.

SKILL.md:1
Restrict onchainos binary to security commands only if feasible, or document that the broader CLI is a trusted OKX dependency.

Declared vs. actual capabilities

Network access · Pass
Declared: READ
Inferred: READ
SKILL.md:curl GitHub API, raw.githubusercontent.com downloads
Command execution · Pass
Declared: WRITE
Inferred: WRITE
SKILL.md:sh /tmp/onchainos-install.sh
File system · Pass
Declared: WRITE
Inferred: WRITE
SKILL.md:Downloads to /tmp, installs to ~/.local/bin, stores cache in ~/.onchainos/
Skill invocation · Pass
Declared: READ
Inferred: READ
SKILL.md:Integrates with okx-agentic-wallet for wallet operations
Environment variables · Pass
Declared: NONE
Inferred: NONE
No env access detected in reference files or SKILL.md

Suspicious artifacts and outbound connections

Medium · External URL
https://web3.okx.com

SKILL.md:8

Medium · External URL
https://web3.okx.com/onchain-os/dev-portal

SKILL.md:71

Medium · External URL
https://some-dapp.xyz

references/risk-domain-detection.md:14

Medium · External URL
https://suspicious-defi.xyz

references/risk-domain-detection.md:42

Medium · Wallet address
0x6982508145454Ce325dDbE47a25d4ec3d2311933

references/risk-token-detection.md:130

Medium · Wallet address
0x25d887Ce7a35172C62FeBFD67a1856F20FaEbB00

references/risk-token-detection.md:131

Medium · Wallet address
0xdAC17F958D2ee523a2206206994597C13D831ec7

references/risk-token-detection.md:145

Dependencies and supply chain

Package | Version | Source | Vulnerabilities | Notes
onchainos-skills | latest (dynamic) | GitHub releases | | Dynamic 'latest' tag resolution; SHA256 verification performed

File composition

5 files · 648 lines
Markdown 5 files · 648 lines
Files needing attention · 3
references/risk-token-detection.md Markdown · 182 lines
0x6982508145454Ce325dDbE47a25d4ec3d2311933 · 0x25d887Ce7a35172C62FeBFD67a1856F20FaEbB00 · 0xdAC17F958D2ee523a2206206994597C13D831ec7
SKILL.md Markdown · 151 lines
Remote installer download and execution · Dynamic 'latest' version resolution · onchainos binary scope exceeds security scanning · https://web3.okx.com · https://web3.okx.com/onchain-os/dev-portal
references/risk-domain-detection.md Markdown · 57 lines
https://some-dapp.xyz · https://suspicious-defi.xyz
Other files · risk-transaction-detection.md · risk-approval-monitoring.md

Security highlights

SHA256 verification of downloaded installer and binary before execution
Comprehensive documentation of all behaviors in SKILL.md - no hidden functionality detected
Fail-safe principle: blocks transactions if security scan fails
Risk action priority rule clearly defined (block > warn > safe)
Reference files document all risk item types and interpretations
No obfuscation, base64 payloads, or anti-analysis patterns found
References are pure documentation with no executable code
No credential harvesting or sensitive file access detected
No direct IP network requests or C2 communication patterns