okx-cex-skill-mp

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of third-party AI trading skills from the OKX marketplace using the vendor's CLI tool. These downloads are directed to the vendor's own infrastructure and are standard for a marketplace functionality.
  • [COMMAND_EXECUTION]: The skill uses system commands for CLI configuration (okx config init) and skill lifecycle management (okx skill add, okx skill remove, npm install).
  • [REMOTE_CODE_EXECUTION]: The installation process involves downloading and placing executable skill packages into the agent's local directory. This functionality is the primary purpose of the skill and is accompanied by a prominent security notice advising users to verify authors before installation.
  • [SAFE]: The skill interacts with local agent directories (~/.agents/skills/) and configuration files solely for the purpose of managing installed extensions. No malicious obfuscation, exfiltration, or prompt injection patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:43 PM
Security Audit — agent-trust-hub — okx-cex-skill-mp