Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Okx Dex Trenches
v2.0.0
Use this skill for meme/sniping/alpha token research on pump.fun and similar launchpads: scanning new token launches, checking developer reputation/developer information and past...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill is instruction-only and delegates work to an external CLI (onchainos). Requiring/installing a CLI to perform on-chain scans is coherent with the stated purpose. However, registry metadata (no homepage/source) does not fully match SKILL.md attribution (references okx and https://web3.okx.com), which weakens provenance and should be verified before trusting downloads.
Instruction Scope
SKILL.md instructs the agent to call the GitHub API, download an installer script from raw.githubusercontent.com or the GitHub releases page, and then execute it (sh /tmp/onchainos-install.sh or a PowerShell equivalent). It also instructs verification of SHA256 checksums (good), but includes a tip that tells users to click 'Always Allow' for Keychain access, which encourages persistent credential access without prompting each time. The instructions read and write local paths (e.g., ~/.onchainos, ~/.local/bin/onchainos) and fetch network resources; while expected for installation, executing remote scripts and the Keychain guidance are scope creep and risky.
Install Mechanism
No install spec in the registry, but the runtime instructions direct the agent to download an installer from a GitHub repo and execute it. Using GitHub (raw.githubusercontent.com and releases) is an expected and reputable host, and SKILL.md requires checksum verification (positive). Still, executing a remote installer script is higher-risk than an instruction-only runtime; users should inspect the installer before execution and confirm the release source.
Credentials
The skill declares no required environment variables or credentials, which matches the manifest. However, the Wallet Tips explicitly encourage granting persistent Keychain access ('Always Allow') to store credentials — this is not strictly required by the skill manifest and could allow long-term access to secrets (wallet keys, API tokens) without re-prompting. The instructions also suggest creating a personal OKX API key if rate-limited, which is reasonable, but users should be cautious about where/when they store such keys.
Persistence & Privilege
The skill does not request 'always: true' and is not force-enabled. It does guide installing a persistent CLI binary (under user paths) and storing config/caches under ~/.onchainos, which is normal for a CLI. The main persistence concern is the guidance to allow permanent Keychain access, which increases the blast radius if the installed CLI or later interactions are compromised.
Scan Findings in Context
[NO_SCAN_DATA] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill (no code files). That's expected, but it means the installer script (downloaded at runtime) was not available for static analysis — increasing the importance of manual verification of the installer.
What to consider before installing
This skill mostly delegates work to an external CLI (onchainos) and tells the agent to download and run an installer script from GitHub. That is plausible for a CLI-backed tool, but before installing you should:
1) Verify the GitHub repository and release are official (author/organisation and release tags match OKX or another trusted maintainer).
2) Inspect the installer script (download it but don't run it blindly) and confirm the checksums and what the script does.
3) Do not blindly follow the 'Always Allow' Keychain tip; prefer to grant access only when needed or use temporary access prompts, since a persistent Keychain allowance can let software access stored secrets without your password.
4) Keep sensitive API keys out of checked-in files (.env -> .gitignore as suggested) and prefer creating scoped keys with minimal permissions.
If you cannot confirm the repo's authenticity or review the installer, treat this skill as higher-risk and avoid running the installer or granting persistent credential access.
