Back to skill
Skillv1.3.2
VirusTotal security
okx-cex-skill-mp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 4:21 AM
- Hash
- 72901a8e6cdc27ab41fc43c1701da8ed22f75b55c0533eaa9de9eab78ff6afa9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: okx-cex-skill-mp Version: 1.3.2 The skill bundle functions as a package manager for the OKX Skills Marketplace, enabling the agent to search for and install third-party code. It is classified as suspicious because its core functionality involves high-risk behaviors: installing a global npm package (@okx_ai/okx-trade-cli), requiring API credentials, and executing a download-and-install flow (okx skill add) that runs unvetted third-party skills with the agent's full system permissions. While these actions are aligned with the stated purpose in SKILL.md, the bundle serves as a high-privilege gateway for potentially malicious third-party content.
- External report
- View on VirusTotal