openmm-grid-trading
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a restricted bash tool
Bash(openmm:*), which limits the agent's interaction to the specificopenmmbinary. This prevents the execution of arbitrary shell commands and significantly reduces the attack surface. - [CREDENTIALS_UNSAFE]: Required API keys for exchanges like MEXC and Kraken are managed via environment variables. This is a secure method that prevents hardcoding or accidental exposure of sensitive credentials.
- [EXTERNAL_DOWNLOADS]: The installation configuration references the
@3rd-eye-labs/openmmNode.js package. This is the core component for the skill's trading functionality and does not exhibit any suspicious download-and-execute patterns. - [DATA_EXFILTRATION]: No patterns indicative of data exfiltration were found. The tool's network activities are restricted to communication with authorized cryptocurrency exchange APIs as part of its primary function.
- [SAFE]: No obfuscation, prompt injection vectors, or persistence mechanisms were detected in the analysis of the skill's instructions and references.
Audit Metadata