The Agent Skills Directory

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt embeds plaintext API keys and shows examples (e.g., skill.loginWithApiKey(GDEX_API_KEY_PRIMARY)) that require the agent to insert secret key values verbatim into code/requests, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

Malicious code pattern detected (high risk: 0.85). No hidden code-execution/backdoor payloads detected, but the package exposes high-risk abuse vectors: plaintext/shared API keys baked into the skill, built-in "quick connect" enabling immediate agent-driven custodial trading, examples that print/store private keys, deterministic AES key/IV derivation and guidance that include the API key inside payloads — together these enable credential misuse and automated financial theft (exfiltration/unauthorized trades) if keys or session signing are abused.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.70). The skill instructs agents to fetch and run remote packages (e.g., via "npx skills add GemachDAO/gdex-skill" / MCP server) which will download and execute code from the repository at https://github.com/GemachDAO/gdex-skill, meaning external content can be fetched at runtime and supply/alter model context or execute code.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

Secret detected (high risk: 1.00). I scanned for literal, high-entropy credentials that would provide access. The document contains two literal UUID-like strings under "Shared API Keys":
9b4e1c73-6a2f-4d88-b5c9-3e7a2f1d6c54 (primary)
2c8f0a91-5d34-4e7b-9a62-f1c3d8e4b705 (secondary)

These are explicit API key values (not placeholders) and appear usable, so they meet the "secret" definition. Other values that might look sensitive were ignored per the rules: Ethereum/Solana addresses and token mint IDs are public identifiers (not credentials), truncated or example addresses (e.g., 0x9967..., tokenAddress, EPjFW...) are public or examples, and environment variable names (GDEX_API_KEY_PRIMARY) are only names. No private keys, PEM blocks, or other high-entropy secrets were found.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Direct money access detected (high risk: 1.00). The gdex-trading skill is explicitly designed to execute financial actions on behalf of users. It provides managed-custody wallet operations, spot trading (buy/sell tokens), perpetual futures (open/close positions, leverage via sizing), deposit/withdraw USDC, limit order creation/update/cancel, cross-chain bridging (request_bridge), and copy-trading write operations. The docs list concrete API endpoints (/v1/bridge/request_bridge, /v1/orders, hl_create/hl_create_order, perpDeposit, etc.), SDK methods (buyToken, limitBuy/limitSell), session signing formats, and an "Autonomous Agent Playbook" showing how an agent can perform end-to-end trades without human intervention. These are specific crypto/blockchain transaction capabilities (sending transactions, creating orders, depositing/withdrawing funds), not generic tooling. Therefore it grants Direct Financial Execution Authority.

gdex-trading