OKX Agentic Wallet

Security checks across malware telemetry and agentic risk

Overview

This wallet skill appears purpose-built, but it needs review because it can affect real funds while under-disclosing persistent Gas Station wallet changes and auto-installing a remote CLI.

Install only if you intentionally want an agent to operate an OKX Agentic Wallet with real transaction authority. Before using Gas Station, understand that first-time setup can persist per account and chain, and disabling Gas Station may not revoke the underlying on-chain delegation. Also review the remote CLI installer path and only proceed if you trust the OKX source and are comfortable with the agent downloading and running that installer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium, 96% confidence
Finding
The file contains contradictory user-facing instructions: it broadly bans mentioning internal mechanism terms like 7702, but later mandates a FAQ answer that explicitly says 'EIP-7702'. This inconsistency can cause the agent to reveal implementation details that the same policy elsewhere says must be hidden, weakening the safety boundary and making prompt behavior less predictable.

Intent-Code Divergence

Medium, 94% confidence
Finding
The document first instructs the agent to never expose implementation details such as relayer internals, but later requires user-visible templates that explicitly reference the relayer. Conflicting disclosure rules are dangerous in an agent skill because they create ambiguous precedence, making it easier for adversarial prompts or edge cases to trigger unintended internal-detail disclosure.

Missing User Warnings

Medium, 93% confidence
Finding
The documented flow explicitly allows a one-time EIP-7702 wallet upgrade to occur transparently during a Gas Station send, without a distinct user-facing warning that the account is being upgraded to a smart-contract-capable state. Even if the backend decides when this is needed, bundling a persistent wallet-state change into an ordinary transfer increases the risk of uninformed consent, phishing-style abuse, and user confusion about why account behavior changed afterward.

VirusTotal

65/65 vendors flagged this skill as clean.
