coingecko-openapi-skill
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an OpenAPI schema hosted on the author's official GitHub repository (holon-run/uxc). This is a standard practice for defining the tool's interface and is considered safe as it originates from the vendor's controlled infrastructure.
- [COMMAND_EXECUTION]: The skill instructions include commands for the uxc utility to manage credentials and link the API schema. It also includes a local validation script (scripts/validate.sh) that checks the skill structure using standard tools like jq and rg.
- [SAFE]: The skill correctly instructs users to store sensitive API keys in environment variables rather than hardcoding them, aligning with security best practices.
Audit Metadata