aicoin-market
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill restricts all network communication to the official AiCoin API domain (
open.aicoin.com) to fetch market and project data. - [SAFE]: Credential management is handled locally through
.envfiles. The skill includes a dedicated utility (scripts/coin.mjs update_key) that validates API keys via a test request before writing them to the local configuration. - [SAFE]: Hardcoded credentials in
lib/defaults.jsonare explicitly documented as public free-tier keys provided by the vendor for initial setup and market data access. - [SAFE]: The skill does not utilize any obfuscation or hidden execution patterns. All operations are performed by transparent Node.js ESM scripts using standard built-in modules.
- [SAFE]: No external package dependencies are defined in the
package.json, and the skill does not download or execute remote scripts at runtime.
Audit Metadata