hodlmm-pulse
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No security issues detected. The skill's logic is focused on read-only financial data retrieval and local trend computation.
- [EXTERNAL_DOWNLOADS]: Fetches liquidity pool metrics from official Bitflow API endpoints (
bff.bitflowapis.finance). This is consistent with the skill's stated purpose of monitoring Bitflow HODLMM pools. No sensitive information or credentials are transmitted to these endpoints. - [COMMAND_EXECUTION]: The script reads and writes to a local state file located at
~/.hodlmm-pulse-state.json. This is used to store historical snapshots for trend analysis. The file path is statically defined usingos.homedir(), preventing path traversal or unauthorized file access risks.
Audit Metadata