bingx-swap-ws-account

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly embeds listenKey, API key, and secretKey into URLs/headers and provides code that signs requests with the secret (and requires copying those functions), so an LLM would need to handle or output sensitive secret values verbatim.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned for high-entropy, directly-present credential values. The example response includes a 64-character hex listenKey: "a8ea75681542e66f1a50a1616dd06ed77dab61baa0c296bca03a9b13ee5f2dd7" — a random-looking token that qualifies as a real, usable credential and is not a documentation placeholder. I ignored obvious placeholders and low-entropy examples such as X-BX-APIKEY: <your-api-key>, X-SOURCE-KEY: BX-AI-SKILL, <key>, and simple example strings per the rules.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is specifically and explicitly for a crypto derivatives exchange (BingX USDT‑M perpetual swaps). It includes exchange-specific REST endpoints (POST/PUT/DELETE) for Listen Key lifecycle, HMAC signing logic for API authentication, and real‑time account/order/position streams (ORDER_TRADE_UPDATE, ACCOUNT_UPDATE). These are crypto/exchange APIs (swaps + signing) rather than a generic tool, so it meets the criteria for crypto/ blockchain financial capability. Even though the Agent Interaction Rules try to limit execution to GET-only, the skill itself exposes exchange-specific endpoints and signing code and thus constitutes direct financial execution capability risk.