Skill v1.1.8
ClawScan security
okx-cex-market · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 3:27 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (public OKX market data via an `okx` CLI) is plausible and mostly consistent, but there are small inconsistencies and an install-time risk that the user should review before installing the CLI it recommends.
- Guidance: This skill appears to be what it says (public OKX market data), but take these precautions before installing:
  1. Verify the npm package scope/name (@okx_ai/okx-trade-cli) on the official npm registry and confirm the publisher is legitimate.
  2. Inspect the package (or its repository) for unexpected behavior — especially any code that performs account actions, network exfiltration, or reads local credential files.
  3. Prefer installing in a sandboxed environment (container or VM) if you are unsure.
  4. If you have OKX API keys or CLI config on your machine, be aware the installed CLI may be able to use them; remove or isolate credentials if you only want read-only market access.
  5. Resolve the metadata mismatch (registry said no install spec while SKILL.md contains an install block) — ask the skill author to clarify or provide a canonical install URL or checksum.

  If the publisher and package are verified and you accept the global-install risk, the skill is functionally coherent.
Review Dimensions
- Purpose & Capability
  - note: The skill claims to provide public, read-only OKX market data and the SKILL.md shows only read-only command examples. Requiring an `okx` CLI to fetch market data is reasonable. Minor note: the CLI package name (@okx_ai/okx-trade-cli) implies trading capabilities beyond read-only market calls, so installing that package could install functionality not restricted to read-only actions.
- Instruction Scope
  - ok: The runtime instructions only show read-only market commands and do not instruct the agent to read unrelated files, secrets, or system configuration. There is no instruction to access environment variables or user files beyond installing and running the CLI.
- Install Mechanism
  - concern: SKILL.md includes an npm install recommendation (global install of @okx_ai/okx-trade-cli). Installing a third-party npm CLI globally is a moderate-risk action because it writes executables to the system and the package may include non-read-only capabilities. Also: the registry metadata earlier listed 'No install spec — instruction-only', but SKILL.md contains an embedded install metadata block; that mismatch should be resolved. No direct URL or checksum is provided — verify the npm package publisher and contents before installing.
- Credentials
  - note: The skill requests no environment variables or credentials — this is proportionate to public market data. However, if you already have OKX API credentials configured on the machine (CLI config files, environment, or credential helper), the installed CLI could potentially use them. The SKILL.md does not request or read credentials itself.
- Persistence & Privilege
  - ok: The skill does not request permanent presence (always:false) and does not declare system config path access. It simply recommends installing a CLI; it does not instruct the agent to modify other skills or system-wide agent settings.
