htx-spot-trading

Fail

Audited by Snyk on May 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt instructs configuring API credentials using direct CLI commands that take AccessKeyId/SecretKey as arguments, which encourages the agent to handle or echo secret values verbatim (high exfiltration risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for executing crypto spot trades and margin operations on HTX: it places and cancels orders, submits batch cancels, and issues margin borrow and repay requests. It requires an API key with trade (and margin) permission and lists concrete write endpoints/CLI commands that change real fund balances. These are specific financial execution actions (crypto trading and margin loan operations), not generic tooling, so it grants Direct Financial Execution Authority.

Issues (2)

  • HIGH W007: Insecure credential handling detected in skill instructions.
  • MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 7, 2026, 04:42 AM
  • Issues: 2