orca-plugin
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The setup process in
SKILL.mddownloads and executes an installation script (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) by piping it directly to a shell. It also downloads and executes a binary version of theorca-plugin. These operations are identified as vendor-provided setup routines for the skill's dependencies. - [EXTERNAL_DOWNLOADS]: The skill downloads utility scripts, such as a launcher (
launcher.sh) and an update checker (update-checker.py), and fetches version metadata from the vendor's official GitHub repositories under theokxorganization. - [COMMAND_EXECUTION]: The skill utilizes the
onchainosCLI tool via system command calls to query Solana wallet balances, perform token security scans, and broadcast swap transactions to the blockchain. - [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from the Orca REST API (
api.orca.so) and Solana RPC nodes. To mitigate risks from potentially malicious data, the skill implements the following safety controls: - Ingestion points: Data is fetched from Orca pool lists and Solana chain state.
- Boundary markers: Uses structured JSON parsing with strict schema definitions via the
serdelibrary. - Capability inventory: Transaction capabilities are restricted to specific
onchainos swapoperations. - Sanitization: The code automatically blocks any swap with a calculated price impact exceeding 10% and runs a security scan (
onchainos security token-scan) on the output token. Furthermore, it enforces a two-step process where the agent must present a preview to the user and receive explicit approval via the--confirmflag before any on-chain action is taken.
Audit Metadata