htx-futures-account
Fail
Audited by Snyk on May 2, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and requires running commands like "htx-cli config set-key " and "htx-cli config set-secret ", which forces embedding API keys/secrets as literal CLI arguments and thus requires the LLM to handle/output secret values verbatim.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly for a crypto exchange (HTX) USDT-margined futures account and includes write-capable endpoints to perform internal fund movements (e.g., /v1/swap_master_sub_transfer, /v1/swap_transfer_inner). The prompt even lists example usage ("Move 500 USDT from main to sub-account"), requires API keys with write permission for transfers, and describes a transfer workflow that executes money movement after confirmation. These are specific, exchange-level financial execution capabilities (crypto fund transfers), not generic tooling — therefore it grants direct financial execution authority.
Issues (2)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata