Scan Report
0 /100
oatda-list-models
List available AI models from OATDA's 10+ providers with optional filtering by type or provider name
A straightforward OATDA API client that lists AI models with documented credential file access and shell-based API calls. No suspicious behavior detected.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:25-29 - curl commands with API key |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:24 - cat ~/.oatda/credentials.json for API key |
| Network | READ | READ | ✓ Aligned | SKILL.md:27-29 - GET requests to oatda.com API |
| Environment | NONE | READ | ✓ Aligned | SKILL.md:24 - reads OATDA_API_KEY env var if set |
6 findings
Medium External URL 外部 URL
https://oatda.com SKILL.md:4 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/models SKILL.md:40 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/models?type=image&provider=openai SKILL.md:62 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/models?type=image SKILL.md:72 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/models?type=video SKILL.md:76 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/models?type=video&provider=bytedance SKILL.md:80 File Tree
1 files · 5.1 KB · 160 lines Markdown 1f · 160L
└─
SKILL.md
Markdown
Security Positives
✓ API key handling follows security best practices - only shows first 8 characters
✓ All shell commands and credential file access are explicitly documented in SKILL.md
✓ Only makes read-only GET requests to a legitimate service (oatda.com)
✓ No data exfiltration or credential harvesting for malicious purposes
✓ Clear error handling for authentication and rate limiting errors
✓ Skill purpose (model listing) matches implementation - no hidden functionality
✓ Related skills listed for transparency