okx-cex-auth
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
okxCLI to perform authentication tasks, status checks, and configuration management. These operations are standard for the tool's intended use case and are necessary to interact with the OKX platform.- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the official@okx_ai/okx-trade-clipackage from the NPM registry. It also provides a mechanism (okx auth install) to download and update the vendor's authentication binary, which is a common pattern for local authentication clients.- [DATA_EXFILTRATION]: The skill interacts with sensitive local data, specifically API keys and configuration settings stored in~/.okx/config.toml. This access is documented as part of the authentication status check (okx config show) and is required for managing the user's account connection. There is no evidence of data being sent to unauthorized third-party domains.- [PROMPT_INJECTION]: The skill processes output from theokxCLI commands to determine authentication state. While this represents a surface for indirect prompt injection if tool outputs were manipulated, the skill provides specific instructions on how to parse this structured JSON data and includes mandatory manual checkpoints for the user. - Ingestion points: Tool outputs from
okx config showandokx auth status. - Boundary markers: None explicitly defined for command output interpolation.
- Capability inventory: Execution of
npmandokxbinaries. - Sanitization: No explicit sanitization of command output before processing.
Audit Metadata