alchemy-openapi-skill
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a curated OpenAPI schema from the author's official GitHub repository (`holon-run/uxc`) to define the API surface.
- [COMMAND_EXECUTION]: Utilizes the `uxc` tool to establish API bindings and perform token price lookups. The setup includes creating a local CLI alias (`alchemy-openapi-cli`) for simplified execution.
- [CREDENTIALS_UNSAFE]: Manages Alchemy API keys through environment variables (`--secret-env`). The documentation correctly identifies that the API key is included in the request path and provides warnings regarding secret exposure and shell history.
- [PROMPT_INJECTION]: The skill ingests external data from Alchemy API responses. It mitigates potential risks by instructing the agent to focus on specific JSON fields and restricting the scope to read-only price data.
Audit Metadata