Skills
skills/hubblevision/hubble-data-service-skill/crypto-market/Socket

crypto-market

Warn

Audited by Socket on May 8, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: 功能上与加密市场查询基本一致,但数据流完整性明显异常。该技能强制所有请求走一个不可验证归属的私有 Hubble API,使用裸 IP 和明文 HTTP,并在文档中暴露硬编码 API key。这些行为对其声明目的并非必要,造成较高的凭证泄露和数据中间人风险。

Confidence: 91%Severity: 76%
Audit Metadata
Analyzed At
May 8, 2026, 02:52 PM
Package URL
pkg:socket/skills-sh/HubbleVision%2Fhubble-data-service-skill%2Fcrypto-market%2F@fd65aadf7ca04e6c2355fbffcd906f55e899f660