okx-cex-trade

Security checks across malware telemetry and agentic risk

Overview

This OKX trading skill is transparent about real trading access, but needs review because it includes trade-direction recommendations and some scope-boundary conflicts around market-data analysis.

Review before installing if you plan to connect live OKX credentials. Use demo mode first, confirm every instrument, side, size, order type, leverage, and live/demo profile before execution, and do not treat the skill's UP/DOWN event-contract recommendations as financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The workflow instructs the agent to perform directional analysis and recommend UP or DOWN with a confidence level, which expands the skill from trade execution into investment/advisory behavior. In a trading skill, this is risky because users may rely on agent-generated recommendations as financial advice, creating suitability, compliance, and harm risks beyond the tool's stated execution scope.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
This file directly invokes market-data commands from another skill domain (`okx market index-candles`) despite the metadata explicitly saying this skill should not be used for market data. That cross-skill expansion can bypass intended capability boundaries and cause the agent to perform unapproved analysis steps under trading authority.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The workflow directs the trade skill to invoke `okx bot grid-orders`, which contradicts the manifest boundary that explicitly says this skill must not be used for bots. Violating skill boundaries can cause the wrong capability set to be exercised, leading to unintended bot enumeration or management actions and weakening safety controls that rely on strict skill separation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The file documents direct order-placement commands for leveraged futures trading without requiring an explicit confirmation or a prominent loss-risk warning. In an agent setting, this increases the chance of unintended or impulsive execution of real trades, especially when API credentials are available and the skill is meant to act on user prompts.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The `futures close` command closes the entire position at market price, yet the documentation does not prominently warn that this can immediately and irreversibly liquidate a user's exposure at current market conditions. In an agent-controlled trading skill, omission of a strong warning and confirmation requirement makes accidental full-position exits materially dangerous and capable of causing substantial financial loss.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
This section documents commands that can place, amend, and cancel live perpetual orders, including full-position closes and market execution, without an explicit warning that these are real trading actions with immediate financial consequences. In an agent skill context, omission of a strong risk/confirmation requirement can make unsafe automation more likely, especially for irreversible or market-impacting actions.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
This reference document enumerates high-risk trading actions such as placing, amending, and canceling spot, swap, futures, and options orders, including leverage and algorithmic TP/SL flows, without any explicit financial-risk warning, account-impact notice, or user-confirmation guidance. In an agent skill that is specifically designed to execute live OKX trades using API credentials, the omission increases the chance of unsafe or unintended real-money actions being carried out without adequate user awareness.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
