Bybit OpenAPI Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent read-only Bybit public market-data skill, with one minor supply-chain note because its setup points UXC at a mutable GitHub-hosted schema URL.

This skill appears safe for public Bybit market-data lookups. Before installing, be aware that it creates/uses a UXC command linked to a GitHub-hosted OpenAPI schema; for stronger assurance, use the bundled schema or a pinned reviewed URL.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the remote schema changes later, the linked CLI could expose behavior different from the reviewed bundled schema.

Why it was flagged

The UXC link uses a mutable remote schema URL rather than an obviously pinned artifact. The behavior is disclosed and central to the skill, but the schema controls what operations the generated CLI exposes.

Skill content

uxc link bybit-openapi-cli https://api.bybit.com --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/bybit-openapi-skill/references/bybit-v5.openapi.json

Recommendation

Review the schema before linking, or use a pinned commit/local bundled schema when possible.