OKX Competition Manager
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If live mode is enabled or the key is over-permissioned, the bot can place orders on the user's OKX account and cause financial loss.
The skill asks for credentials that can place trades and can be switched from demo to live mode, creating high-impact account authority.
OKX API key with trading permissions ... OKX_API_KEY=your_api_key ... OKX_SECRET_KEY=your_secret_key ... OKX_DEMO=true # set to false for live
Use demo-only keys first, keep live trading disabled unless explicitly intended, restrict API key scope and IPs, and avoid enabling withdrawal permissions.
The system can continuously open or modify positions, so a bad strategy, bad configuration, or market event could quickly create losses.
The skill is designed to place exchange orders repeatedly without per-trade approval, and it supports live trading.
Every 5 minutes: fetch prices → calculate signals → place orders
Run only in demo until the full implementation is inspected, add explicit dry-run/live-mode gates, set strict exchange-side limits, and keep a documented kill switch.
Users cannot verify from this skill package whether the trading logic, credential handling, stop-loss placement, or position caps are implemented safely.
The supplied package contains none of the Node/VBS implementation that SKILL.md says will manage credentials, strategies, and trades.
No install spec — this is an instruction-only skill. No code files present — this is an instruction-only skill.
Review the actual scripts before running them, pin and verify dependencies, and do not use live credentials with unreviewed local code.
The bot could continue trading after a crash, logout, or user forgets it is running.
The instructions create persistent background execution that can restart the trading process automatically.
Create guardian.vbs for zero-flash auto-restart ... Register in Task Scheduler: every 2 minutes, run as user, run whether logged in or not.
Only enable the scheduler intentionally, document how to disable it, monitor it actively, and avoid combining persistent execution with live trading until fully tested.
A single incorrect contract-value setting could make automated trades larger than intended.
The skill itself warns that a configuration error can directly affect position sizing in the automated trading loop.
Critical — wrong CT_VALS = wrong position size = losses
Verify CT_VALS against OKX for every asset before enabling trading, especially before any live-mode use.