Okx Growth Competition
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: okx-growth-competition Version: 3.1.3 The skill bundle facilitates the full lifecycle of OKX trading competitions, including discovery, registration, leaderboard tracking, and reward claiming. The instructions in SKILL.md are highly prescriptive, mandating specific output templates and enforcing 'ground truth' product rules (such as hardcoded Solana support and a 'Wallet Export Guard' that warns users against exporting wallets during active competitions). While these instructions strictly control the agent's behavior and override backend data in specific scenarios, they appear to be legitimate business logic for the OKX ecosystem rather than malicious prompt injection. The underlying CLI tools described in references/cli-reference.md utilize a TEE (Trusted Execution Environment) for secure transaction signing, and no indicators of data exfiltration, unauthorized execution, or backdoors were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Claiming may create irreversible on-chain transactions and may spend gas or other fees.
The claim command is designed to sign and broadcast blockchain transactions. That is expected for claiming rewards, but it is a high-impact wallet action.
**Atomic** claim flow: pre-checks `rewardStatus`, fetches calldata, signs each entry with the TEE session, broadcasts on-chain, and returns txHash array. **Requires wallet login.**
Only claim after confirming the activity ID, reward, chain, and active wallet. Prefer a visible transaction preview or wallet confirmation where available.
The active OKX Agentic Wallet account and wallet addresses may be used to register for competitions or claim rewards.
Joining a competition uses the active wallet login session and selected account identity. This is purpose-aligned, but it means the skill depends on sensitive wallet/account state.
`accountId` | `wallet_store.selected_account_id` (from login session)
Confirm which wallet/account is active before joining or claiming, especially if multiple accounts are configured.
Important setup or safety behavior may depend on local shared files not included in this review.
The skill references a shared preflight instruction file outside the provided file manifest. That may be normal shared OKX guidance, but it is not reviewable in the supplied artifacts.
Read `../okx-agentic-wallet/_shared/preflight.md`. If missing, read `_shared/preflight.md`.
Verify the installed shared preflight file and ensure the skill comes from a trusted OKX/ClawHub source before using wallet actions.
A user could trade on Solana believing it counts for a competition even if future official rules change.
The skill hardcodes a product rule that may override a narrower backend `chainName`. It is disclosed as an invariant, but if it becomes stale it could mislead trading decisions.
Every active competition runs simultaneously on Solana AND the chain returned by the backend ... NEVER answer "Does Solana count for this competition?" with anything other than YES.
For financially significant trades, verify the current official competition rules in OKX before relying on the hardcoded chain guidance.