Skills
skills/holon-run/uxc/mexc-openapi-skill/Gen Agent Trust Hub

mexc-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill correctly implements security best practices for secret management. It instructs the agent and the user to use environment variables (MEXC_API_KEY, MEXC_SECRET_KEY) when configuring authentication, ensuring no sensitive credentials are hardcoded in plain text.
  • [EXTERNAL_DOWNLOADS]: The skill references an OpenAPI schema hosted on GitHub (raw.githubusercontent.com/holon-run/uxc/...). This is a legitimate configuration download from the vendor's own repository and is used to define the API interface for the uxc tool.
  • [DATA_EXFILTRATION]: Network activity is properly scoped to the official MEXC Spot API domain (api.mexc.com). There are no patterns suggesting unauthorized data collection or exfiltration to third-party servers.
  • [COMMAND_EXECUTION]: The skill uses the uxc command-line tool to perform API requests. The commands are structured and restricted to the operations defined in the provided OpenAPI schema, such as market data retrieval and order management.
  • [PROMPT_INJECTION]: The instructions and metadata were reviewed for override attempts, safety bypasses, or adversarial role-play prompts. No malicious injection patterns were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:14 AM