Skillv1.0.0

ClawScan security

Okx Payments · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 30, 2026, 6:44 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions generally match an OKX payments integration, but it asks the user to run remote install scripts and to provide sensitive API credentials while the registry metadata claims no required env vars — these inconsistencies and the pipe-to-shell installs are cause for caution.
Guidance: This skill appears to be an interactive setup guide for OKX x402 payments and largely does what it says, but take the following precautions before installing or running anything it recommends: - Verify the publisher and URLs: the install instructions pull scripts from raw.githubusercontent.com and reference OKX repos. Confirm those GitHub repos and the publisher identity yourself (visit the project URLs directly in a browser, review the repo history and owners). - Don't blindly run pipe-to-shell commands (curl | sh or irm | iex). Download the install script, inspect it locally, and run it in a controlled environment (e.g., disposable VM or container) first. - The SKILL.md asks for sensitive API credentials (OKX_API_KEY, OKX_SECRET_KEY, OKX_PASSPHRASE). The registry metadata claims no required env vars — ask the publisher why credentials weren't declared. If you proceed, use least-privilege or dev/test keys and rotate them afterward. - Avoid committing .env or credentials to source control. Follow the SKILL.md advice to never commit credentials. - If you need stronger assurance, request a signed/published release (GitHub release tarball), or ask the publisher for an install artifact you can audit, rather than running raw install scripts. If you are uncomfortable with running remote installers or supplying API secrets, do not install; instead request more provenance (publisher identity, release tags, and a vetted install artifact) or perform the installation in an isolated sandbox.

Review Dimensions

Purpose & Capability: noteName and description match the instructions: buyer installs OnchainOS CLI/skill and seller implements a server using OKX payment SDKs. However the SKILL.md enumerates required environment variables for the seller (OKX_API_KEY, OKX_SECRET_KEY, OKX_PASSPHRASE, PAY_TO_ADDRESS) while the registry metadata lists no required env vars — that's an inconsistency between claimed requirements and runtime instructions.
Instruction Scope: concernThe runtime instructions instruct the agent/user to fetch remote scripts (curl|sh and PowerShell irm|iex) and to fetch reference files from raw.githubusercontent.com. Those network actions and running remote installers are expected for installing CLIs, but they expand the agent's runtime surface substantially. The SKILL.md does not instruct reading unrelated local files, but it does direct the user to supply and use sensitive API credentials for the seller path.
Install Mechanism: noteNo install spec is included in the registry (instruction-only), but SKILL.md recommends piping an install script from raw.githubusercontent.com and using npx to add a skill. The GitHub raw URL is a known host (lower risk than an arbitrary host), but pipe-to-shell (curl|sh, irm|iex) is high-risk practice and should be audited before running.
Credentials: concernThe credentials requested in SKILL.md (OKX_API_KEY, OKX_SECRET_KEY, OKX_PASSPHRASE, PAY_TO_ADDRESS) are appropriate for a payments seller integration, but the registry declares no required env vars or primary credential. That mismatch is an important coherence issue: the skill runtime expects sensitive secrets that are not declared in the registry metadata. Treat these as sensitive and provide least-privilege / dev-only keys if proceeding.
Persistence & Privilege: okThe skill is instruction-only, not always-enabled, and does not request permanent always:true privilege or cross-skill config changes. It relies on user-installed CLIs/plugins, so it does not itself declare elevated platform persistence.