htx-futures-trading

Fail

Audited by Snyk on May 2, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows CLI commands that take AccessKeyId and SecretKey as command arguments (htx-cli config set-key ; htx-cli config set-secret ), which would require the agent to include secret values verbatim in generated commands or outputs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for HTX USDT-margined perpetual futures. It exposes CLI commands and REST endpoints for placing, canceling, batch-canceling, and flash-closing positions, changing leverage/position mode, and setting trigger/TP/SL orders. The doc shows concrete write operations (POST endpoints and htx-cli commands) and requires API keys with "trade" permission. Its primary purpose is to execute market/futures orders and modify positions — i.e., directly move/alter financial assets. Therefore it meets the criteria for Direct Financial Execution.

Issues (2)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: May 2, 2026, 11:33 AM
Issues: 2