OKX Trader
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill appears to be a real OKX trading bot, but it can autonomously place and cancel live orders with API keys and has under-scoped or under-declared safety boundaries.
Only use this with funds you can afford to risk. Start with OKX_IS_SIMULATION=true or config.json isSimulation=true, use a dedicated trade-only API key with withdrawals disabled, review grid_settings/maxPosition carefully, avoid running manual orders with the same sizes unless the code is changed to tag bot orders, and do not enable the cron schedule until you have tested and monitored it.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The bot could cancel existing user orders or place real trades automatically, which can cause financial loss.
The maintenance tool mutates the OKX account by cancelling orders and submitting new buy/sell orders. Cancellation identifies bot orders by matching size on the configured instrument, not by a bot-specific client order ID or tag, so unrelated manual orders of the same size could be cancelled.
const toCancel = pendingOrders.filter(o => Math.abs(parseFloat(o.sz) - CONFIG.sizePerGrid) < 0.000001) ... client.request('/trade/cancel-order' ...); ... client.request('/trade/order', 'POST', JSON.stringify(ord))Use simulation first, run on a dedicated subaccount, set strict grid and position limits, and modify the bot to tag its own orders and cancel only tagged orders.
Using the skill means giving the agent API credentials capable of trading on the user’s OKX account.
The bundled skill declares required OKX credentials for account access, while the supplied registry requirements say there are no required environment variables and no primary credential. For a trading bot, this under-declares a sensitive permission boundary.
"env": { "OKX_API_KEY": { "description": "OKX API Access Key", "required": true }, "OKX_SECRET_KEY": { "description": "OKX API Secret Key", "required": true }, "OKX_PASSPHRASE": { "description": "OKX API Passphrase", "required": true } }Use a trade-only OKX API key with withdrawals disabled, IP restrictions if available, and a low-balance subaccount; registry metadata should accurately declare the required credentials.
A user may expect a safer simulated default but accidentally run the bot against real funds.
The documentation warns users to test in simulation first, but the declared default is false, meaning live trading is the default unless the user explicitly sets simulation mode.
"OKX_IS_SIMULATION": { "description": "Enable simulation mode (true/false)", "default": "false" }Set simulation mode explicitly before first use, and prefer changing the skill default to simulation-on unless live trading is explicitly confirmed.
If scheduled, the bot may continue trading repeatedly without a fresh prompt each time.
The skill provides a recurring schedule template that can run the trading-maintenance task every five minutes. This is disclosed and purpose-aligned, but it creates ongoing autonomous trading behavior if enabled.
"cronTemplates": [ ... { "name": "OKX Grid Auto-Maintenance", "schedule": "*/5 * * * *", "task": "okx_grid_maintain" } ... ]Enable cron only after simulation testing, and add explicit stop conditions, order caps, and monitoring alerts.
Local files may reveal account value, holdings, trading activity, and strategy parameters if the workspace is shared or exposed.
The snapshot tool stores account balances, assets, trading summaries, pending-order counts, and strategy settings in local JSON files. This is expected for reporting, and no hidden external destination is shown, but the data is sensitive.
const snapshot = { timestamp: now.toISOString(), totalEquityUsd, assets, prices, tradingSummary24h: tradingSummary, pendingOrders: pendingCounts, gridSettings: settings }; ... fs.writeFileSync(path.join(SNAPSHOT_DIR, `${dateStr}.json`), JSON.stringify(snapshot, null, 2));Protect the okx_data directory, avoid sharing snapshots, and consider retention or redaction for sensitive financial history.
Users have less registry-level assurance about where the skill came from and what credentials/tools it requires.
For a high-impact trading skill, the registry metadata gives limited provenance and omits requirements that are declared inside skill.json. No remote installer or hidden dependency is shown, so this is a provenance/metadata note rather than evidence of malicious code.
Source: unknown; Homepage: none; Required binaries: none; Required env vars: none
Verify the source repository and package contents before use, and prefer accurate registry metadata for runtime and credential requirements.