bingx-spot-wallet

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements strict parameter validation rules, including regex patterns for currency identifiers (e.g., ^[A-Z0-9]{1,20}$) and a blacklist for forbidden characters (&, =, ?, #, \r, \n) to prevent parameter injection and URL manipulation.
  • [SAFE]: High-risk operations such as initiating withdrawals via the POST /openApi/wallets/v1/capital/withdraw/apply endpoint require an explicit manual 'CONFIRM' action from the user in the production environment, providing a critical layer of human-in-the-loop protection.
  • [SAFE]: The cryptographic signing logic in the fetchSigned function uses standard HMAC-SHA256 with user-provided API keys and secrets, which are passed as variables rather than being hardcoded.
  • [SAFE]: Network activity is restricted to official BingX domains (open-api.bingx.com, open-api.bingx.pro) and their simulated testing environment counterparts, aligning with the expected behavior for the vendor's API integration.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 02:36 PM