market_test_price
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a narrow OKX token-price helper; it uses OKX API credentials and an undeclared Python dependency, but the behavior is disclosed and purpose-aligned.
This skill looks safe for its stated purpose if you intend to query OKX token prices. Before using it, provide only appropriately scoped OKX API credentials, avoid sharing secrets in chat or logs, and be aware that queried token addresses are sent to OKX.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill needs OKX API credentials to work; if those credentials have broad OKX permissions, mishandling them could affect the user’s account.
The client reads OKX API credentials and uses them to sign requests. This is expected for the stated OKX integration, but users should treat these credentials as sensitive.
self.api_key = (api_key or os.environ.get("OKX_ACCESS_KEY", "")).strip()
self.secret_key = (secret_key or os.environ.get("OKX_SECRET_KEY", "")).strip()
self.passphrase = (passphrase or os.environ.get("OKX_PASSPHRASE", "")).strip()Use the least-privileged OKX API key suitable for market-price access, keep the secret and passphrase out of chats/logs, and rotate keys if they are exposed.
OKX will receive the token contract addresses being queried along with the signed API request.
The script sends the user’s token query and authentication headers to the OKX API endpoint. This is the core stated purpose and is scoped to a price endpoint.
resp = self.session.post(url, headers=headers, data=body, timeout=self.timeout)
Only query token addresses you are comfortable sending to OKX, and review requests before running the CLI with sensitive portfolio-related token lists.
A user may need to install an external Python package before use.
The script depends on the external requests package, but there is no install spec or pinned dependency in the provided artifacts. The code does not auto-install it.
except ImportError:
raise ImportError("Please install requests: pip install requests")Install dependencies from a trusted Python environment and consider pinning package versions in your own project if you reuse this code.