search CA & Token
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: okdex-market Version: 1.0.0 The skill bundle provides a Python SDK and documentation for interacting with the OKX Web3 Wallet Market API. The Python code (`okdex-market/okx_market_api.py`, `scripts/okx_market_api.py`) correctly implements API calls to `https://web3.okx.com` using HMAC SHA256 authentication, with credentials sourced from environment variables. All network interactions are confined to the legitimate OKX API. The `SKILL.md` and other documentation files are purely descriptive, outlining the API's functionality and usage, and contain no prompt injection attempts, malicious instructions, or hidden commands. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or obfuscation, aligning perfectly with its stated purpose of querying cryptocurrency market data.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you run the helper with real OKX credentials, those credentials will be used to authenticate requests to OKX.
The helper can read OKX API credentials from environment variables to sign requests. This is expected for OKX API access and the code sends requests only to the documented OKX base URL, but these credentials are sensitive.
api_key = os.environ.get('OKX_API_KEY', 'your-api-key')
secret_key = os.environ.get('OKX_SECRET_KEY', 'your-secret-key')
passphrase = os.environ.get('OKX_PASSPHRASE', 'your-passphrase')Use a least-privilege OKX API key suitable for market-data access only, avoid enabling trading or withdrawal permissions, and store the key/secret/passphrase securely.