okx-cex-earn

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the official OKX command-line interface package (@okx_ai/okx-trade-cli) from the npm registry. This is the expected and legitimate source for the vendor's tooling.
  • [COMMAND_EXECUTION]: The skill executes various okx CLI commands to interact with the OKX Earn API. These operations include checking balances, subscribing to products, and redeeming funds, all of which are within the skill's stated purpose.
  • [DATA_EXFILTRATION]: The skill instructions include running okx config show --json, which reads the local configuration file ~/.okx/config.toml. This is performed to determine the active authentication mode (API Key or OAuth) and ensure the agent uses the correct profile. This is a local operation for session management and does not involve external data exfiltration.
  • [PROMPT_INJECTION]: The skill ingests data from the OKX API, such as product lists and order statuses. While this presents an indirect prompt injection surface, the data is sourced directly from the trusted vendor's infrastructure to be formatted into Markdown tables.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:43 PM
Security Audit — agent-trust-hub — okx-cex-earn