Skill v2.4.0

ClawScan security

Okx Dex Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 21, 2026, 1:39 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill is generally coherent for wrapping an onchainos cross-chain CLI, but it directs the agent to download and execute a remote installer and contains a few mismatches and silent-fallback behaviors that warrant caution before installing.
Guidance
This skill appears to be a wrapper for the OKX 'onchainos' CLI and is mostly coherent, but take these precautions before installing/using it:

1) Verify provenance — confirm the skill's author/homepage and the GitHub repository referenced in the preflight match the official OKX project; the registry metadata showed 'unknown' which conflicts with SKILL.md.
2) Review the installer script and checksums yourself before running anything the skill instructs to execute, or perform installation manually in a sandbox/VM. The preflight downloads and runs a remote installer (from raw.githubusercontent.com) — the SKILL.md recommends checksum verification, which you should enforce.
3) Be aware the skill suppresses raw CLI errors and may silently fall back to bundled static data on some failures; this can hide issues or differences between live results and static behavior.
4) If you want to reduce risk, pre-install the onchainos binary yourself from the official release and avoid letting the skill run remote installers.
5) If you need stronger assurance, request the skill publisher/source or a signed release URL and verify signatures/checksums out-of-band.

If you cannot verify these, consider running the skill only in an isolated environment.

Review Dimensions

Purpose & Capability
note: The SKILL.md instructions and command set match the described purpose (cross-chain quotes, execute, calldata, status, etc.) and rely on the onchainos CLI as expected. However, registry metadata lists source/homepage as unknown while the skill frontmatter claims author 'okx' and homepage 'https://web3.okx.com' — an inconsistency worth verifying. No unrelated environment variables or config paths are requested, which is proportionate to the stated purpose.
Instruction Scope
concern: The runtime instructions require invoking the onchainos CLI for all operations and mandate a preflight routine that fetches and may install the CLI. The preflight also instructs the agent to 'Do NOT show raw CLI error output' and to silently fall back to static data if certain CLI commands fail — behavior that can hide underlying failures or differences between live and static data. The instructions also read shared skill files in the bundle (preflight and chain-support), which is expected, but the silent fallback and suppression of raw errors increase risk and reduce transparency.
Install Mechanism
note: This is an instruction-only skill (no declared install spec), but its preflight explicitly downloads an installer and checksum files from GitHub (raw.githubusercontent.com and release assets) and tells the agent to execute the installer script. Using GitHub releases/raw is a standard provenance source, and the SKILL.md recommends verifying SHA256 checksums before execution — a mitigating step — but executing a remote installer still carries elevated risk. The skill does not bundle or pin the installer content, and the install is driven by runtime network requests.
Credentials
note: The skill does not declare any required environment variables or credentials. The preflight references a 'shared API key' rate limit and suggests creating a personal key at the OKX Developer Portal and optionally placing it in a .env (with .gitignore advice). This is optional guidance, not a declared requirement, and there are no unrelated credential requests in the manifest — proportional to the skill's purpose.
Persistence & Privilege
ok: The skill does not request 'always: true' and is user-invocable only. The preflight will create/read local cache and binary paths (~/.onchainos/last_check, ~/.local/bin/onchainos) and may install a binary into the user's environment; this is consistent with installing a CLI and is not an elevated or cross-skill privilege by itself. Still, installing a binary implies write access to user disk and future CLI executions.