Quant Trade

This skill largely does what it claims (fetch public OKX market data, compute indicators, and rely on an OKX CLI for order placement), but there are important inconsistencies you should address before using it with real funds: - Do not provide live API keys until you verify the CLI package and skill provenance. The SKILL.md asks for OKX_API_KEY / OKX_SECRET_KEY / OKX_PASSPHRASE and references ~/.okx/config.toml, but the skill metadata did not declare these — confirm this mismatch with the publisher. - The SKILL.md instructs installing an npm package named @okx_ai/okx-trade-cli. Treat this as untrusted until you confirm it is an official OKX package: inspect the package's registry page/source repository, check maintainers, and prefer installing in a sandbox or container rather than globally (avoid npm -g initially). - Test only against the demo profile first (explicitly use --profile demo) and verify behavior in a sandboxed environment before using real money. Create API keys with minimal permissions (trading-only, no withdrawals) and rotate/revoke them after testing. - The included Python code (calculator.py/scheduler.py) only calls OKX public market endpoints and does not itself exfiltrate credentials; the main risk is the external 'okx' CLI and local config file usage. Inspect or vet that CLI prior to use. If you want, I can: (a) extract the exact npm package metadata for @okx_ai/okx-trade-cli if you provide access to npm, (b) show the exact lines in SKILL.md that reference credentials/config paths, or (c) suggest a minimal, safer workflow to test this skill in demo mode.