crypto-com-app

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, vulnerabilities, or deceptive behaviors were detected. The skill's operations are transparent and consistent with its stated purpose.
  • [COMMAND_EXECUTION]: The skill executes local TypeScript scripts for all API interactions. This is the required mechanism for generating HMAC SHA256 signatures for authentication and for processing structured API responses.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to execute scripts, which may fetch the tsx package from the official npm registry. This is a standard development practice and uses a well-known, trusted package repository.
  • [CREDENTIALS_UNSAFE]: The skill correctly avoids hardcoding secrets, requiring the user to provide CDC_API_KEY and CDC_API_SECRET via environment variables.
  • [PROMPT_INJECTION]: The skill includes defensive confirmation logic for trades and account changes (e.g., the 'CONFIRM KILL SWITCH' phrase), ensuring that high-impact actions are not executed without explicit, intentional user consent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 07:46 AM