okx-cex-portfolio
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@okx_ai/okx-trade-clipackage from the official npm registry. This is a recognized vendor resource from 'okx' used for its intended purpose. - [COMMAND_EXECUTION]: The skill uses the
okxcommand-line interface to perform account operations such as checking balances and viewing trade history. These commands are restricted to account management and are consistent with the skill's stated purpose. - [DATA_EXFILTRATION]: While the skill reads sensitive account information like balances and positions, this data is intended for the user's awareness. The skill explicitly instructs the agent to never accept credentials in chat and to use secure configuration methods.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data returned from the OKX API (e.g., transaction bills or currency names). 1. Ingestion points: Data from OKX API via
okx accountcommands. 2. Boundary markers: Not explicitly defined in instructions. 3. Capability inventory: Execution ofokxCLI commands. 4. Sanitization: Relies on standard platform processing of tool outputs.
Audit Metadata