orca-plugin
Warn
Audited by Snyk on May 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses untrusted public data (e.g., fetch_all_pools calling https://api.orca.so/v1/whirlpool/list and onchainos.rs calling the Solana RPC at https://api.mainnet-beta.solana.com and running onchainos security token-scan), and those API-returned fields (token symbols/names, pool price/tvl, security scan results) are interpreted and used to drive pool selection, price-impact checks, warnings/blocks, and swap execution decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight install steps fetch and execute remote scripts/binaries at runtime (e.g., curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh and downloads from https://github.com/okx/plugin-store/releases/download/plugins/orca-plugin@0.6.4/...), which executes remote code and is required for the skill to run.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides on-chain token swap functionality on Solana. It defines a "swap" command that, with the global --confirm flag, broadcasts transactions via "onchainos swap execute --chain 501", performs wallet balance checks, security scans, and returns tx hashes/solscan links. It also exposes wallet-aware onboarding (quickstart) and uses specific Solana token mints. This is a specific crypto/blockchain execution capability (signing/sending swaps), not a generic tool, so it grants direct financial execution authority.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata