OKX Trade Kit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OKX trading setup skill, but it connects AI clients to live exchange credentials and money-moving trading tools that can affect real funds.

Install only if you intentionally want an AI client connected to OKX trading. Start with demo or read-only mode, use a dedicated sub-account with no withdrawal permission, protect and restrict access to `~/.okx/config.toml`, verify the external OKX packages before installing, and require manual confirmation for every live order, leverage change, or bot action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 89%
Finding: The trigger conditions are overly broad and match generic OKX trading, installation, and configuration requests without clear guardrails or exclusions. This can cause the skill to activate in contexts where the user did not intend automated trading guidance, increasing the chance of inappropriate financial instructions or accidental progression toward sensitive actions like API setup and trading enablement.

Natural-Language Policy Violations

Medium
Confidence: 77%
Finding: The skill content is written primarily in Cantonese/Chinese and effectively steers responses into that language without offering a user-language fallback. While not directly enabling code execution or data theft, this can create misunderstanding around high-risk financial actions, API-key handling, and trading instructions if the user's preferred language differs.

Missing User Warnings

Medium
Confidence: 96%
Finding: The document instructs users to place live and demo API credentials directly into `~/.okx/config.toml` but does not warn that this is a local plaintext secrets file or advise on filesystem permission hardening and safer secret handling. In a trading skill, exposed exchange API keys can enable account data access and, if permissions allow, real-money trades or withdrawal-related actions, making this materially risky.

Missing User Warnings

Medium
Confidence: 95%
Finding: The examples include live profiles for spot, swap, and options usage without a prominent warning that these commands may connect an AI client to a real-money trading account and enable account-impacting actions. In the context of an AI trading toolkit, this is more dangerous than generic CLI documentation because users may copy-paste commands into agent-integrated environments where automated execution and misunderstandings can quickly cause financial loss.

Missing User Warnings

Medium
Confidence: 90%
Finding: This reference file enumerates live trading, leverage, account-balance, and bot-creation tools without prominent warnings that these actions can affect real funds, open leveraged positions, or stop/modify existing orders. In the context of an AI agent trading skill, omission of risk and account-impact warnings increases the chance that users or downstream agents invoke destructive financial actions without informed consent or safe-mode safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.