lifi
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill serves as an instructional guide for the LI.FI API, a legitimate cross-chain aggregation service. The documentation is thorough, providing clear technical details on endpoints, status tracking, and error handling without any deceptive intent.
- [NO_CODE]: The skill consists exclusively of Markdown files (SKILL.md and REFERENCE.md). It does not contain any executable scripts, binaries, or active configuration files that could pose a direct security risk during deployment.
- [EXTERNAL_DOWNLOADS]: The documentation references official vendor tools such as the LI.FI MCP server and CLI (@lifi/cli). These are legitimate resources hosted on the vendor's own infrastructure (li.quest and li.fi) and do not represent a supply chain threat.
- [COMMAND_EXECUTION]: The skill includes shell command examples using
curlto demonstrate API requests. These are standard educational snippets for developers and do not involve piping to shell interpreters or executing untrusted remote content. - [DATA_EXPOSURE]: The skill correctly handles authentication by using placeholder values (e.g., 'YOUR_API_KEY') and instructs users to keep their keys private. It does not access sensitive local file paths or environment variables.
Audit Metadata