OKX Exchange
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: okx-exchange Version: 1.0.1 The skill is classified as suspicious due to the presence of a configuration option (`OKX_API_URL` in `scripts/okx_client.py`) that allows overriding the API base URL. While not actively exploited by the skill itself, this presents a vulnerability where a compromised environment or a sophisticated prompt injection could redirect API calls to a malicious server, potentially leading to credential harvesting or unauthorized actions. Additionally, the use of `openclaw cron add` in `scripts/cron_setup.sh`, while used defensively with strong anti-prompt-injection messages, represents a powerful capability that could be abused if the agent were manipulated to create malicious cron jobs. No clear evidence of intentional harmful behavior (e.g., data exfiltration to unauthorized endpoints, backdoors, or direct malicious execution) was found. The skill includes several safety features like simulated trading mode, order confirmation, and explicit instructions against credential logging.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If live or over-permissioned API keys are used, the agent may be able to trade or change account state on the user's OKX account.
The skill asks for OKX exchange API credentials, including live-trading credentials, while the registry metadata says required env vars and primary credential are none. These keys can grant account and trading authority.
OKX_API_KEY=your_key OKX_SECRET_KEY=your_secret OKX_PASSPHRASE=your_passphrase ... OKX_API_KEY_LIVE / OKX_SECRET_KEY_LIVE / OKX_PASSPHRASE_LIVE
Use paper trading first, create a dedicated OKX API key with the minimum required permissions, disable withdrawals, use IP restrictions if available, and declare the required credentials in metadata before broad distribution.
A mistaken or overly autonomous agent action could place trades without a final manual confirmation.
The skill explicitly documents bypassing the order confirmation prompt for automated trading. That is purpose-aligned, but it is high-impact financial mutation and needs strong user gating.
Skip confirmation prompt (for automation): ```bash python3 okx.py buy BTC-USDT market 0.01 --no-confirm ```
Keep confirmation enabled by default, avoid `--no-confirm` unless intentionally automating with strict limits, and require explicit user approval before live orders, leverage changes, fund transfers, or bulk cancellations.
After setup, trading-related checks may continue running in the background across sessions and could affect live positions depending on configuration.
The setup script can create persistent scheduled jobs that load exchange credentials and run monitoring commands repeatedly.
openclaw cron add \
--every "${SLTP_INTERVAL}" \
--name "okx-sl-tp" ...
source ~/.openclaw/workspace/.env
cd ${SCRIPTS_DIR}
python3 okx.py snapshot
python3 okx.py monitor sl-tpEnable cron only intentionally, start in demo mode, review `openclaw cron list`, and use the documented teardown command when automation is no longer wanted.
Local memory files may contain sensitive trading history and can influence future strategy decisions.
The skill intentionally persists trading preferences, account/trade history, and learning state for later decisions.
`memory/okx-trading-preferences.json` | Risk parameters, strategy config, trading mode `memory/okx-trade-journal.json` | Learning system trade log `memory/okx-learning-model.json` | Learning model
Treat the memory files as sensitive, review them periodically, and clear or reset learning data if it becomes inaccurate or if other agents can modify the workspace.
Users have less metadata-backed assurance about where the skill came from and exactly what setup steps are expected.
The registry metadata gives limited provenance and no install contract, even though the README includes a pip-based setup path.
Source: unknown Homepage: none ... Install specifications No install spec — this is an instruction-only skill.
Review the included source before use, publish a clear homepage/source link, add an install spec, and pin dependencies where practical.