bitflow-limit-order

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches market data, pool information, and active bin prices from Bitflow's official API (https://bff.bitflowapis.finance). It also retrieves account balances from the Stacks blockchain via the Hiro API (https://api.mainnet.hiro.so). Both are well-known services within the Stacks ecosystem.
  • [COMMAND_EXECUTION]: The install-packs command utilizes child_process.execSync to run bun add for installing a hardcoded list of required npm dependencies. This is a standard installation pattern for this type of utility.
  • [CREDENTIALS_UNSAFE]: The script accesses sensitive wallet credentials, including mnemonic phrases and private keys, from the STACKS_PRIVATE_KEY environment variable or by decrypting local keystore files located in ~/.aibtc/. This access is necessary for the skill's primary function of signing on-chain transactions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 02:24 AM