search CA & Token
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward OKX market-data helper that uses OKX API credentials for signed requests and does not show hidden, destructive, or unrelated behavior.
This skill is reasonable for querying OKX Web3 market data. Before using it with real credentials, create a limited OKX API key for read/market-data use, do not grant unnecessary account-changing permissions, and be aware that token queries and signed headers are sent to OKX.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you run the helper with real OKX credentials, those credentials will be used to authenticate requests to OKX.
The helper can read OKX API credentials from environment variables to sign requests. This is expected for OKX API access and the code sends requests only to the documented OKX base URL, but these credentials are sensitive.
api_key = os.environ.get('OKX_API_KEY', 'your-api-key')
secret_key = os.environ.get('OKX_SECRET_KEY', 'your-secret-key')
passphrase = os.environ.get('OKX_PASSPHRASE', 'your-passphrase')Use a least-privilege OKX API key suitable for market-data access only, avoid enabling trading or withdrawal permissions, and store the key/secret/passphrase securely.