OKX Trade Executor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OKX trading skill, but it can place live trades using locally stored exchange credentials without strong safety gates.

Install only if you intentionally want an agent to query and trade on OKX. Use demo mode first, avoid giving credentials for accounts holding significant funds, create a restricted OKX API key with withdrawals disabled and IP restrictions, and manually review every live order before allowing execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documents access to environment-based credentials and networked exchange operations, but the manifest does not declare corresponding permissions. This creates a transparency and governance gap: users or orchestrators may invoke a skill with sensitive capabilities without an explicit permission boundary or review signal.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The description presents the skill as a general trading execution gateway for OKX live and demo environments without clear trigger constraints, safety gating, or approval requirements. Overly broad invocation language increases the chance that an agent will use it in unsafe contexts, including unintended live trading actions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The documentation explicitly supports OKX live trading and gives concrete order-placement examples, but it does not prominently warn that real orders can cause irreversible financial loss. In a trading-execution skill, missing risk warnings and approval requirements materially increase the danger of accidental or unauthorized real-market transactions.

Missing User Warnings

High
Confidence
87% confidence
Finding
The provider exposes direct order-submission methods that can place market and limit trades immediately, including against the live OKX endpoint when `is_demo` is false, with no built-in confirmation, policy check, or safety interlock. In an agent context, this increases the risk of unintended or prompt-induced unauthorized trading because a single tool call can trigger irreversible financial actions.

Missing User Warnings

High
Confidence
95% confidence
Finding
The script permits live order placement against the OKX live environment as soon as valid credentials are present, with no explicit user-facing confirmation, dry-run safeguard, or environment-specific friction. In a trading execution skill, this materially increases the chance of accidental real-money trades from misconfiguration, prompt injection into upstream agents, or operator error.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to solicit API credentials from the user and place them into a `.env` file in the working directory for later execution. This encourages collection and local storage of highly sensitive trading secrets in a potentially shared workspace, increasing the risk of credential leakage, misuse by other tools, and unauthorized trading.

VirusTotal

64/64 vendors flagged this skill as clean.
