Skillv1.3.2

ClawScan security

okx-cex-bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 27, 2026, 4:18 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The SKILL.md clearly expects an OKX CLI and API credentials and instructs installing an npm package and reading local OKX config, but the registry metadata claims no binaries, no install, and no required credentials — these contradictions are unexplained and worth caution.
Guidance: This skill's instructions expect you to have (or to install) the OKX CLI and to use API keys or OAuth stored in your local OKX config, but the registry metadata does not advertise those requirements — that's the primary red flag. Before installing or using it: (1) verify the npm package @okx_ai/okx-trade-cli is the official OKX publisher and inspect its npm page and source; (2) prefer using OAuth or a restricted API key (least privilege, trading-only if possible) and never paste keys into chat; (3) inspect ~/.okx/config.toml to see what secrets are stored and where; (4) consider running the CLI and the skill in an isolated environment (container or VM) if you must install globally; (5) ask the publisher/source for a registry/install manifest to reconcile the missing install/credential declarations — the inconsistency should be resolved before trusting the skill.

Review Dimensions

Purpose & Capability: concernThe skill's purpose (manage OKX Grid/DCA bots) legitimately requires an OKX CLI and API credentials (or OAuth). The registry metadata, however, lists no required binaries, no install spec, and no primary credential, while the SKILL.md frontmatter and body both reference the 'okx' binary and require API credentials. The mismatch between declared registry requirements and the runtime instructions is inconsistent.
Instruction Scope: concernThe instructions direct the agent (or user) to install and run the okx CLI, run commands that reveal and depend on ~/.okx/config.toml and the CLI's auth state, and to perform browser OAuth flows. Reading the local OKX config and using CLI auth state is coherent with the skill's function but those file reads and secrets are not declared in the registry. The guide also references other internal docs (../_shared/preflight.md) and other skills to load, which may affect runtime behavior.
Install Mechanism: concernThere is no install spec in the registry, but the SKILL.md includes frontmatter and instructions to install @okx_ai/okx-trade-cli via npm (-g). This is an active install instruction (global npm install) from a namespaced package — not inherently malicious but the install expectation is undocumented in the registry and should be made explicit. Users should verify the package source and publisher before installing.
Credentials: concernThe skill states 'Requires API credentials' and the runtime commands access local CLI config (~/.okx/config.toml) and OAuth state, yet the registry declares no required env vars or primary credential. That omission is disproportionate: managing bots requires credentials and access to auth config; the registry should declare this explicitly. The instructions correctly warn not to paste credentials in chat, but the skill will rely on locally stored secrets.
Persistence & Privilege: okThe skill is not marked always:true and is instruction-only with no code files or automatic install in the registry. It does not request elevated persistent privileges in the registry. Runtime behavior will depend on local CLI state but the skill itself does not declare any system-wide persistence.