okx-cex-earn
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official OKX command-line interface package (
@okx_ai/okx-trade-cli) from the npm registry. This is the expected and legitimate source for the vendor's tooling. - [COMMAND_EXECUTION]: The skill executes various
okxCLI commands to interact with the OKX Earn API. These operations include checking balances, subscribing to products, and redeeming funds, all of which are within the skill's stated purpose. - [DATA_EXFILTRATION]: The skill instructions include running
okx config show --json, which reads the local configuration file~/.okx/config.toml. This is performed to determine the active authentication mode (API Key or OAuth) and ensure the agent uses the correct profile. This is a local operation for session management and does not involve external data exfiltration. - [PROMPT_INJECTION]: The skill ingests data from the OKX API, such as product lists and order statuses. While this presents an indirect prompt injection surface, the data is sourced directly from the trusted vendor's infrastructure to be formatted into Markdown tables.
Audit Metadata