Maybe because OneKey code was not tested for a long time by them, and they are not always up to date.
I see OneKey Touch was check last time 1 year ago, and OneKey also discontinued some old devices and released new models.
Now they have OneKeyPro and OneKey Classic 1S that was never tested by Walletscrutiny website.
See
https://walletscrutiny.com/hardware/onekey/ and
https://github.com/OneKeyHQ/firmware/releases (I have check the hash of classic.3.9.0-Stable-0805-f3b0717.signed.bin)
The latest version of classic/v3.9.0 (Aug 12, 2024) still not passed through WalletScrutiny's testing.
Why can a hardware wallet that has never passed walletscrutiny testing be called an open-source wallet?