Dexie
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: dexie Version: 1.0.0 The skill is a client for the Dexie.space API, designed to track Chia DEX trading. All code and documentation are clearly aligned with this stated purpose. Network calls are exclusively directed to `https://api.dexie.space/v1` via the `axios` library, as seen in `lib/api.js`. There is no evidence of data exfiltration, malicious execution (e.g., `eval`/`exec` of untrusted input, `curl|bash`), persistence mechanisms, or prompt injection attempts in `SKILL.md` or `README.md` that would instruct the agent to deviate from its intended function. The installation script (`install.sh`) and `package.json` specify standard Node.js dependency management and execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Token searches, offer IDs, and similar lookup inputs may be sent to Dexie.space to retrieve public market data.
The skill sends user-requested lookup parameters to the Dexie.space API, which is central to its stated purpose and limited to GET requests.
const BASE_URL = 'https://api.dexie.space/v1'; ... const response = await this.client.get(path, { params });Use it for public market lookups as intended, and avoid entering private or sensitive text as search queries.
Installing the skill will pull npm dependencies and, if npm link is used, add global dex/dexie commands.
Installation relies on npm dependencies and optionally creates global CLI commands. This is disclosed and normal for a CLI package, but it changes the local development environment.
npm install; chmod +x cli.js; npm link # Makes 'dex' and 'dexie' global
Install from a trusted copy of the package, keep the lockfile intact, and only run npm link if you want the global CLI commands.