Dexie

Pass

Audited by ClawScan on May 1, 2026.

Overview

Dexie appears to be a benign read-only Chia DEX lookup skill that calls the public Dexie.space API, with normal npm install and CLI-linking considerations.

This looks safe for read-only Dexie.space market lookups. Before installing, be aware that it uses npm dependencies, can create global dex/dexie CLI commands, and sends lookup queries to the public Dexie.space API.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Token searches, offer IDs, and similar lookup inputs may be sent to Dexie.space to retrieve public market data.

Why it was flagged

The skill sends user-requested lookup parameters to the Dexie.space API, which is central to its stated purpose and limited to GET requests.

Skill content

const BASE_URL = 'https://api.dexie.space/v1'; ... const response = await this.client.get(path, { params });

Recommendation

Use it for public market lookups as intended, and avoid entering private or sensitive text as search queries.

What this means

Installing the skill will pull npm dependencies and, if npm link is used, add global dex/dexie commands.

Why it was flagged

Installation relies on npm dependencies and optionally creates global CLI commands. This is disclosed and normal for a CLI package, but it changes the local development environment.

Skill content

npm install; chmod +x cli.js; npm link  # Makes 'dex' and 'dexie' global

Recommendation

Install from a trusted copy of the package, keep the lockfile intact, and only run npm link if you want the global CLI commands.