Okx Wallet Portfolio

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly for OKX wallet portfolio lookups, but it needs review for two reasons: it can automatically download and run an external installer, and its reference documentation extends into wallet PnL and transaction-history queries that the skill manifest itself excludes.

Review before installing. Use it only if you trust OKX's onchainos release path and are comfortable with a local CLI being installed or updated from GitHub. Provide explicit wallet addresses, avoid using it for logged-in wallet access, and route PnL or DEX-history requests to the intended OKX market skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 96%

Finding
The reference file documents commands for wallet PnL, per-token profit, and DEX transaction history even though the skill manifest says this skill must not be used for PnL analysis or DEX-history tasks. That scope mismatch can cause an agent to invoke sensitive or out-of-policy capabilities, expanding data access beyond what users and orchestrators expect and potentially routing requests to the wrong skill.

Intent-Code Divergence

Severity: Medium
Confidence: 93%

Finding
The examples repeatedly use phrasing like "my wallet" while the manifest explicitly says this skill should not be used for requests about the user's own wallet unless the user provides an address. In an agent setting, examples strongly shape behavior, so these contradictory examples can cause the agent to bypass the intended skill boundary and query wallet data through the wrong pathway.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The skill instructs the agent to download an installer script from the internet and execute it locally (`sh /tmp/onchainos-install.sh`, or the PowerShell equivalent on Windows). Although it includes checksum verification, this still creates a remote code execution path tied to external infrastructure and release metadata: a checksum published through the same release path as the script only confirms that the download arrived intact, not that the release itself is the one the user expected. The user is also not explicitly warned that installer code fetched from the network will be run on their machine.
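The download-verify-execute flow described in this finding can be wrapped so that the digest is pinned in the skill rather than fetched alongside the script, the download lands in a private temporary file instead of a fixed `/tmp` path, and nothing runs until the user confirms. The block below is an added example written for this review; it is not code from the skill, from OKX, or from onchainos. The `PINNED_SHA256` value, the `INSTALLER_URL` variable, and the function names are placeholders.

```shell
#!/bin/sh
# Added example: fetch, verify against a pinned digest, confirm, then execute.
# Placeholder values throughout; not the onchainos installer.
set -eu

# The expected digest is pinned here (placeholder value), not downloaded from the
# same endpoint as the script. A digest served next to the script only proves the
# transfer was intact; a pinned one also detects a substituted release.
PINNED_SHA256="${PINNED_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# sha256_of FILE -> hex digest, using GNU coreutils or BSD/macOS shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_script FILE EXPECTED_SHA256 -> 0 if the digest matches, 1 otherwise.
verify_script() {
  actual=$(sha256_of "$1")
  if [ "$actual" != "$2" ]; then
    printf 'refusing to run %s: sha256 %s does not match pinned %s\n' \
      "$1" "$actual" "$2" >&2
    return 1
  fi
  return 0
}

# fetch_installer URL -> prints the path of a freshly created private temp file.
# mktemp avoids a predictable, world-writable path such as /tmp/installer.sh.
fetch_installer() {
  tmp=$(mktemp "${TMPDIR:-/tmp}/installer.XXXXXX")
  # --proto '=https' refuses plaintext redirects; --fail refuses to save an
  # HTTP error body (an HTML 404 page) as if it were the script.
  curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
       --output "$tmp" "$1"
  printf '%s\n' "$tmp"
}

# run_installer URL: download, verify, tell the user what is about to run,
# and require an explicit "yes" before handing the file to sh.
run_installer() {
  file=$(fetch_installer "$1")
  verify_script "$file" "$PINNED_SHA256"
  printf 'About to execute %s (%s bytes) fetched from %s\n' \
    "$file" "$(wc -c <"$file")" "$1" >&2
  printf 'Type yes to continue: ' >&2
  read -r answer
  if [ "$answer" != "yes" ]; then
    rm -f "$file"
    echo 'aborted, nothing was executed' >&2
    return 1
  fi
  sh "$file"
  rm -f "$file"
}

# Only runs when INSTALLER_URL is set, so the functions can be sourced and
# exercised without touching the network.
if [ -n "${INSTALLER_URL:-}" ]; then
  run_installer "$INSTALLER_URL"
fi
```

Usage: `PINNED_SHA256=<digest from the pinned release> INSTALLER_URL=https://... sh wrapper.sh`. The pinned digest should be updated deliberately when the skill is revised, which turns an invisible upstream change into a visible, reviewable one.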

Missing User Warnings

Severity: Medium
Confidence: 79%

Finding
The documentation encourages querying wallet balances, transaction history, and PnL for arbitrary addresses without any privacy notice, consent guidance, or data-handling warning. While on-chain data is public, surfacing profiling-oriented endpoints without guardrails makes it easier for agents to collect and present potentially sensitive financial behavior in ways users may not expect.

VirusTotal

64/64 vendors flagged this skill as clean. The scan covers the skill's own files as submitted; an installer script that the skill downloads at run time is a separate artifact and is not covered by this result.
