Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Okx Agentic Wallet

v2.2.10

Use this skill when the user mentions wallet login, sign in, verify OTP, add wallet, switch account, wallet status, logout, wallet balance, assets, holdings,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases · Can sign transactions · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (agentic wallet) align with the instructions to use an onchainos CLI for login, balances, transfers, contract calls, and signing. However, the registry lists no install steps or required binaries, while the SKILL.md's preflight mandates downloading and running an installer to provide the CLI — a capability gap between declared metadata and actual runtime requirements.
! Instruction Scope
SKILL.md instructs the agent to run network operations (GitHub API queries, curl/Invoke-WebRequest), download an installer script and checksums, verify checksums, and execute the installer. It also tells the agent to suppress routine command output to the user. These behaviors go beyond pure instruction-only guidance and involve fetching and executing external code and reducing transparency of command output.
! Install Mechanism
Although there is no registry install spec, the shared preflight directs downloading an installer from raw.githubusercontent.com and GitHub releases and executing it (sh /tmp/onchainos-install.sh or PowerShell). Downloading and executing an installer script is high-risk even from GitHub; the guidance to verify SHA256 is good, but the installer-execute step is not declared in the registry and creates a persistent binary on the host.
Credentials
The skill declares no required environment variables or credentials, and the instructions do not demand any secret environment variables. The docs mention a 'shared API key' and suggest creating a personal key in the portal (and .env usage), but they do not require the agent to access or exfiltrate credentials. There is no evidence the skill asks for unrelated credentials.
! Persistence & Privilege
The runtime flow installs or updates a CLI binary (onchainos) and verifies checksums, which results in a persistent, system-level presence not represented in the registry metadata. The instruction to not echo routine command output reduces transparency and could hide malicious or unexpected behavior from users.
What to consider before installing
This skill appears to be a legitimate CLI-based wallet integration, but the SKILL.md instructs the agent to download and run an external installer (from GitHub) and to suppress routine command output — actions that install persistent software and reduce visibility. Before installing or using this skill:

1) Confirm the publisher and repo (is it really OKX official?) — check the GitHub repo URL and homepage independently.
2) Inspect the installer script and checksums yourself (do not run blindly); prefer downloading releases manually and verifying SHA256/GPG signatures.
3) If you must run the installer, run it in a sandbox or VM, not on a production machine.
4) Do not paste secrets, mnemonics, or private keys into the chat; the skill explicitly references wallet export flows — treat any export request with extreme caution.
5) Ask the skill author/publisher for a declared install spec in the registry and for a reproducible verification method (signed releases).

If you cannot verify the source or installer contents, avoid installing the skill. Additional info that would raise confidence: a publicly verifiable GitHub owner/org matching the claimed author, signed release artifacts, and a registry install spec that matches the SKILL.md preflight steps.


latestvk97d8j5p4xgazyp1g8mny090fn84zwjf
