onchain-pay-open-api
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local RSA private keys (.pem files) to sign API requests. This is a core requirement for its functionality, and the skill provides explicit guardrails to prevent the agent from revealing the key content or path to users.
- [COMMAND_EXECUTION]: Requests are signed and dispatched via a local bash script (scripts/sign_and_call.sh) which uses standard shell security practices to prevent argument injection.
- [EXTERNAL_DOWNLOADS]: The skill connects to api.commonservice.io, which is a verified infrastructure domain for Binance's Onchain-Pay services.