skills/okx/plugin-store/orca-plugin/Gen Agent Trust Hub

orca-plugin

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The setup process in SKILL.md downloads and executes an installation script (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) by piping it directly to a shell. It also downloads and executes a binary version of the orca-plugin. These operations are identified as vendor-provided setup routines for the skill's dependencies.
  • [EXTERNAL_DOWNLOADS]: The skill downloads utility scripts, such as a launcher (launcher.sh) and an update checker (update-checker.py), and fetches version metadata from the vendor's official GitHub repositories under the okx organization.
  • [COMMAND_EXECUTION]: The skill utilizes the onchainos CLI tool via system command calls to query Solana wallet balances, perform token security scans, and broadcast swap transactions to the blockchain.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from the Orca REST API (api.orca.so) and Solana RPC nodes. To mitigate risks from potentially malicious data, the skill implements the following safety controls:
  • Ingestion points: Data is fetched from Orca pool lists and Solana chain state.
  • Boundary markers: Uses structured JSON parsing with strict schema definitions via the serde library.
  • Capability inventory: Transaction capabilities are restricted to specific onchainos swap operations.
  • Sanitization: The code automatically blocks any swap with a calculated price impact exceeding 10% and runs a security scan (onchainos security token-scan) on the output token. Furthermore, it enforces a two-step process where the agent must present a preview to the user and receive explicit approval via the --confirm flag before any on-chain action is taken.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 11:24 AM
Security Audit — agent-trust-hub — orca-plugin