Skill v0.1.1
ClawScan security
OKX交易执行器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 28, 2026, 5:45 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code implements an OKX trading adapter and legitimately requires OKX API credentials, but the package/registry metadata does not declare those secrets, and there are small mismatches between the instructions and the actual runtime behavior. Review before installing or supplying keys.
- Guidance: This skill's code appears to be what it claims (an OKX trading adapter) and will need your OKX API key, secret, and passphrase to place orders. Before installing or running: (1) Do not paste live API credentials into a project folder unless you understand the risk; prefer platform-managed secrets or environment variables outside the project tree. (2) Verify the API key permissions (restrict to trading/read as required; avoid withdrawal permission). (3) Because the registry metadata does not declare the required secrets, treat this as a packaging/declared-permissions mismatch and ask the maintainer to update the metadata. (4) Review and test against the demo provider first (okx_demo) with keys that carry no live-fund risk. (5) If you want the agent to prompt a human for keys, update the runtime flow (execute.py currently exits on missing creds). If you cannot inspect or trust the maintainer, avoid supplying live credentials.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (OKX trading executor) matches the code: providers/okx_provider.py implements API calls and order placement to OKX. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while the code and SKILL.md clearly require OKX API_KEY, API_SECRET, and PASSPHRASE. That mismatch is unexpected and should be fixed or explained.
- Instruction Scope (note): SKILL.md instructs the agent to prompt the human to write credentials into a .env file if missing. The code attempts to load .env from the skill directory (or its parent) and will exit with an error if the three OKX credentials are not present. There is no instruction or code that reads unrelated files, exfiltrates data, or posts data to endpoints other than the OKX API. Minor inconsistency: SKILL.md implies agent-driven interactive prompting, but execute.py simply prints an error and exits when creds are missing.
- Install Mechanism (ok): No install spec or third-party downloads are present; this is an instruction+code bundle that runs using the existing Python and requests. Nothing is fetched from arbitrary external URLs and no archives are extracted.
- Credentials (concern): The code legitimately requires three exchange secrets (OKX_API_KEY, OKX_API_SECRET, OKX_PASSPHRASE). That is proportionate to the skill's purpose. The concern is that the skill registry metadata does not declare these required env vars or a primary credential, which is misleading and could cause automated policy checks or secret-handling mechanisms to miss them.
- Persistence & Privilege (ok): The skill does not request 'always' presence, does not modify other skills, and contains no install-time persistence. It reads a local .env file only and uses the OKX API; it does not create background services or alter system-wide settings.
