Security audit
OKX a2a Payment
Security checks across malware telemetry and agentic risk
Overview
This payment skill is transparent about its purpose, but it can authorize wallet payments from a payment ID without its own payment-detail preview or final confirmation step.
Review before installing. Use this only with a trusted onchainos CLI and a wallet intended for agent payments. Before paying, independently verify the paymentId against the expected amount, token, recipient, and seller, because the skill says it will sign the server challenge as-is once invoked.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.
