DEX Aggregator Quote

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only OKX quote helper that uses OKX API credentials for its stated purpose and shows no hidden persistence, destructive behavior, or unrelated data access.

Install only if you are comfortable letting the skill use OKX Web3 API credentials to request quotes from OKX. Prefer a dedicated, least-privilege key for quote access, avoid keys with trading or withdrawal authority, and do not print or share the secret key or passphrase.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The skill requires API credentials and makes authenticated external requests, but it does not prominently warn users that secrets will be used and transmitted to a third-party service. In agent environments, missing disclosure increases the risk of unintended credential use, privacy surprises, and misuse of privileged context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal