okx-sentiment-tracker
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@okx_ai/okx-trade-clipackage from npm, which is a scoped package belonging to the verified vendor. This is the primary tool required for the skill's functionality. - [COMMAND_EXECUTION]: The skill utilizes the
okxCLI to execute read-only commands for fetching news, search results, and sentiment trends. There are no indications of arbitrary or dangerous command execution. - [CREDENTIALS_UNSAFE]: Instructions are provided for users to configure their own API credentials in a local configuration file (
~/.okx/config.toml). It uses standard placeholders for demonstration and follows safe practices for secret management. - [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from crypto news sources via the OKX API. While it lacks explicit boundary markers for this untrusted content, the skill does not possess sensitive capabilities (like file writing or network exfiltration) that could be exploited by malicious data.
Audit Metadata