Is bubble501/phemex-trade safe?

https://github.com/openclaw/skills/tree/main/skills/bubble501/phemex-trade

92
SAFE

This Phemex trading skill appears to be a legitimate cryptocurrency trading interface that provides documentation for using a trading CLI tool. It contains no executable code and includes appropriate safety measures to prevent unauthorized trading.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

INFO External npm package dependency -15

Skill references external npm package 'phemex-trade-mcp' for functionality. The package itself was not audited as part of this skill review.

INFO API credentials required -10

Skill requires PHEMEX_API_KEY and PHEMEX_API_SECRET environment variables for trading functionality. This is normal for trading applications but users should be cautious with real credentials.

INFO Financial risk from trading operations -15

Skill enables cryptocurrency trading which carries inherent financial risk. However, it includes appropriate safety measures requiring user confirmation for trades.