gdex-trading
Audited by Snyk on Jun 7, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes plaintext shared API keys and instructs that API/session keys and signing keys be used verbatim in API calls and encrypted payload construction, which requires the LLM to handle and potentially emit secrets directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The repository contains high-risk intentional access patterns: hard-coded/shared API keys, a managed-custody flow that lets the backend (or any client with those keys) sign and submit encrypted trade payloads on users' behalf, and an MCP server/tooling surface that exposes many remote-execution trading tools — together these provide effective backdoor-style access to move funds or perform actions autonomously.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill bundle includes installation/runtime commands that fetch and execute remote packages (e.g., "npx skills add GemachDAO/gdex-skill" and "npx @gdexsdk/mcp-server init ..."), which will download and run code from external sources such as https://github.com/GemachDAO/gdex-skill and https://www.npmjs.com/package/@gdexsdk/gdex-skill, so there is a runtime external dependency that executes remote code.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the documentation for literal, high-entropy values that could grant access.
Findings:
- The documentation contains two literal API keys presented as "Shared API Keys" / pre-configured values:
  - 9b4e1c73-6a2f-4d88-b5c9-3e7a2f1d6c54 (Primary)
  - 2c8f0a91-5d34-4e7b-9a62-f1c3d8e4b705 (Secondary)
These are concrete UUID-style keys (not placeholders) and are repeated in multiple files (SKILL.md, README, etc.). They match the pattern/placement of API credentials used to authenticate to the backend (trade-api.gemach.io/v1) and therefore qualify as secrets under the provided definition.
Items explicitly ignored and why:
- Ethereum / Solana addresses (e.g., 0x2Df1c51E09aECF9cacB7bc98cB1742757f163dF7, 0x9967..., CFSi4Y...) — public blockchain addresses / receiver addresses; not secrets.
- Placeholder private keys / mnemonics / sessionPrivateKey examples (e.g., '0xYourPrivateKey', '', 'your mnemonic phrase...') — clearly placeholders and not real credentials.
- Truncated/redacted fragments and template values (e.g., "GDEX_API_KEY_PRIMARY = 9b4e1c73..." in verify output snippets) — either truncated or contextual.
- Any other simple/low-entropy strings (e.g., 'YES', 'your-api-key', 'TOKEN_MINT_ADDRESS') — documentation placeholders or examples per rules.
Risk note / recommended remediation (brief):
- Treat the two listed API keys as exposed secrets. If they are live keys, rotate them immediately and remove the hardcoded values from the repo (use environment variables or a secret store). Audit any usage tied to those keys for unauthorized access.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a cross-chain DeFi trading platform with managed-custody wallets and write APIs for executing financial actions. It provides specific endpoints and functions to buy/sell tokens (gdex-spot-trading), place perp orders and manage positions (gdex-perp-trading, perpDeposit, hl_create_order), deposit/withdraw USDC (gdex-perp-funding), create/update/cancel limit orders (gdex-limit-orders), native/ERC20/SPL transfers via managed custody (gdex-transfers), and cross-chain bridging (gdex-bridge). The doc also details ABI-encoded signed/encrypted computedData payloads, session signing formats, required chainIds, and concrete API routes (e.g., POST /v1/bridge/request_bridge, /v1/orders, /v1/hl/*). These are specific, direct mechanisms to move funds or execute market orders (including order creation, cancelling, deposits/withdrawals and transfers), not generic tooling—thus it grants Direct Financial Execution Authority.
Issues (5)
Insecure credential handling detected in skill instructions.
Malicious code pattern detected in skill scripts.
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).
Direct money access capability detected (payment gateways, crypto, banking).