okx-cex-earn

Security checks across malware telemetry and agentic risk

Overview

This OKX Earn skill has a legitimate purpose, but it needs review because it can use live OKX credentials to move real funds and run recurring financial monitors with some disclosure and confirmation gaps.

Install only if you intend to let an agent use your OKX account for Earn operations with real funds. Use the least-privileged OKX profile possible, avoid withdrawal permission unless you truly need transfers, require the agent to restate live-mode and product terms before every write, and avoid enabling recurring monitors unless you are comfortable with repeated polling of your balances and positions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
This workflow explicitly instructs the agent to set up recurring `/loop` tasks that continuously monitor offers, balances, and positions and then notify the user. That creates autonomous background tasking beyond a single user-requested transaction, increasing the chance of persistent surveillance of financial data, unintended repeated actions, and scope creep if later combined with write-capable steps in the same workflow.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The flash-earn workflow adds hourly background monitoring with deduplicated notifications, which is an autonomous alerting capability not covered by core transactional Earn management. Even without direct fund movement, persistent monitoring of account-linked opportunities can normalize always-on agent behavior and expose users to unwanted financial nudging or privacy-sensitive polling.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description includes very broad trigger phrases such as generic references to idle funds, earning, fixed deposits, and wealth-management terms. In an agent router, this can cause the skill to activate for ambiguous financial conversations and steer users into high-risk authenticated trading/earn workflows they did not explicitly request.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to always use live mode silently and not mention it unless there is an error. Because this skill contains write operations affecting real financial assets, suppressing a user-facing live-mode warning materially increases the risk of unintended real-money transactions and defeats informed consent.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The template instructs the agent to default all timestamp rendering to UTC+8 when the user's timezone is unknown, without obtaining user consent or clearly preserving the original timezone context. In a financial product skill, this can mislead users about purchase, expiry, redemption, or settlement times, increasing the risk of missed deadlines or mistaken decisions even if the issue is not directly exploitable as code execution.

Missing User Warnings

Medium
Confidence: 98%
Finding
The workflow says to execute `earn dcd quote-and-buy` immediately after product selection and amount confirmation, with no separate explicit confirmation step for the write operation because quote and execution are atomic. Dual-investment products are complex, price-sensitive financial instruments; skipping a final confirmation materially raises the risk of accidental commitment of funds under misunderstood terms or stale assumptions.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
