coinank-openapi

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly handles Agent Payments Protocol / x402 pay-per-call flows and references crypto payment tooling: it requires and delegates payment execution to okx-agent-payments-protocol and okx-agentic-wallet, describes signing schemes (EOA vs contract wallet), mandates generating payment proofs or using the charge flow, and instructs replaying requests with payment headers after payment. These are specific crypto payment/signing integrations (wallet signing/payment gateway behavior), so the skill is designed to initiate/coordinate on-chain or payment actions rather than being purely generic. Therefore it grants Direct Financial Execution capability (via delegated OKX payment skills).

Issues (2)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 03:27 AM
Issues
2
Security Audit — snyk — coinank-openapi