Bingx Announcement

v0.1.2

Query BingX official announcements by module type — latest announcements, promotions, product updates, maintenance notices, listing/delisting, funding rate,...

⭐ 0· 96·0 current·0 all-time

by@julian-l

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name and description match the provided instructions and api-reference: the skill documents a public announcements endpoint and only needs HTTP GETs. No extraneous credentials, binaries, or installs are requested.

ℹ

Instruction Scope

Instructions are limited to read-only API requests and summarizing results. Two unusual points: (1) the SKILL mandates including a static header X-SOURCE-KEY: BX-AI-SKILL on every request (not an auth secret, appears to be a tracking/source header), and (2) it requires copying the fetchContent function verbatim. Neither is inherently malicious, but the verbatim requirement is atypical and reduces implementation flexibility. The docs reference a relative file references/base-urls.md that is not included in the provided manifest — callers must ensure BASE_URLS are set to official domains.

✓

Install Mechanism

This is an instruction-only skill with no install spec and no code files that execute on install. That's the lowest-risk model and matches the declared metadata.

✓

Credentials

The skill requests no environment variables, no credentials, and no config paths. That is proportionate to accessing a public API. The X-SOURCE-KEY header is a constant (not a secret) declared in the docs.

✓

Persistence & Privilege

always is false and the skill does not request persistent privileges or system-wide config changes. It does not instruct modifying other skills or storing credentials.

Assessment

This skill appears to do exactly what it says: fetch public BingX announcements via a read-only API and summarize them. Before installing, confirm you trust the skill's source (owner ID and the missing homepage/source are limited metadata). Also check the BASE_URLS you or the agent will use (the docs reference a missing references/base-urls.md) and prefer the official domain (https://open-api.bingx.com). Be aware the SKILL mandates adding a non-secret header X-SOURCE-KEY: BX-AI-SKILL and copying the provided fetchContent function verbatim — these are unusual constraints but not dangerous by themselves. If you need higher assurance, request a skill with a published source repository or homepage and explicit base-URL configuration.

Like a lobster shell, security has layers — review code before you run it.

latestvk97efzgbyfhwdgn0cjz3r10j9h8366bc

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Bingx Announcement

License

Comments