Security audit

Okx Growth Competition

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OKX trading-competition helper, but it can use a logged-in wallet to make real trades and claim rewards on-chain.

Install only if you trust the OKX/onchainos wallet tooling and understand that trade and claim actions can submit irreversible blockchain transactions. Before proceeding, confirm the active wallet account, competition name, token contract, chain, expected amount, gas costs, and any eligibility impact from wallet export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill metadata explicitly says it should not be used for wallet login or wallet export, yet later includes a wallet export flow that asks for confirmation and then proceeds. This kind of scope contradiction is dangerous because agents may expose or transfer sensitive wallet material under a skill the user would reasonably believe cannot perform export-related actions.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The skill goes beyond competition management by performing token contract lookup and direct swap execution. That materially expands the action surface from informational competition workflows into value-moving trading operations, increasing the risk of unintended trades, misuse through prompt injection, or user confusion about what this skill is authorized to do.

Intent-Code Divergence

High
Confidence: 98%
Finding
The document claims trading should be delegated to okx-dex-swap, but the actual instructions tell the agent to execute swaps itself via `swap_swap`. This inconsistency can cause an agent or reviewer to misunderstand the true privileges of the skill, masking transaction-capable behavior inside a supposedly narrower competition-management wrapper.

Missing User Warnings

Medium
Confidence: 96%
Finding
The `claim` flow explicitly signs and broadcasts on-chain transactions, yet the reference presents it mainly as a reward claim operation without a prominent user warning that real blockchain transactions will be executed. In an agentic context, this increases the risk of users authorizing unintended transactions or underestimating the consequences, especially because the flow is described as atomic and automated through TEE session signing.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.