ClawHub

Okx Dex Swap

Security checks across malware telemetry and agentic risk

Overview

This swap skill appears purpose-built for OKX DEX trading, but it combines real wallet transaction authority with automatic remote CLI installation and some under-redacted diagnostics.

Install only if you trust the OKX/onchainos release source and are comfortable with a skill that can install a CLI and initiate real token approvals and swaps. Use a limited-purpose wallet, review token addresses, chain, amount, route, slippage, spender/approval details, and expected receive amount before signing. Avoid silent mode and do not use force unless you understand the fund-loss warning; redact wallet addresses or transaction details before sharing diagnostics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The troubleshooting instructions direct the agent to collect and present wallet address, transaction details, and local CLI version in a diagnostic summary even though those fields are not strictly necessary for most user-facing swap failure handling. This creates unnecessary exposure of potentially sensitive metadata and environment details, increasing privacy risk and the chance of over-collection or inadvertent disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The `onchainos swap execute` command performs a live on-chain swap, including approval, signing, and broadcasting, but the reference section does not place a clear, explicit safety warning adjacent to the command that it will move assets and submit irreversible transactions. In a wallet/agent context, this increases the risk of accidental invocation or user misunderstanding, especially because the command is presented alongside read-only and calldata-only commands in the same CLI reference.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The diagnostic summary explicitly includes wallet address and detailed transaction metadata without warning the user that this information may be sensitive or publicly linkable. In a token-swap skill, this context makes the issue more concerning because wallet addresses can tie a user to trading behavior, balances, and on-chain activity, so exposing or echoing them unnecessarily creates privacy and operational security risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal