suspicious.generated_source_template_injection
- Location: SKILL.md:47
- Finding: User-controlled placeholder is embedded directly into generated source code.
Advisory: audited by static analysis on May 10, 2026.
Detected: suspicious.generated_source_template_injection
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who signs generated transaction data without checking it could swap funds under unexpected parameters.
The script requests swap transaction data from OKX. This fits the skill's purpose, but swap transaction payloads are financially sensitive if a user later signs or broadcasts them.
echo "4) Swap Transaction" ... "/api/v6/dex/aggregator/swap?...&amount=500000000000000000&swapMode=exactIn&slippagePercent=0.01&userWalletAddress=0xaa4e09ab283e207bd7171d924db2dda49315637b"
Review chain, token addresses, wallet address, amount, slippage, router, recipient, and transaction target in a trusted wallet before signing; do not treat generated transaction data as automatically safe.
If a user signs an approval transaction without checking spender and amount, they may grant unwanted token allowance.
The skill can request token approval transaction data. This is expected for DEX workflows, but approvals can grant token-spending rights if later signed.
echo "5) Approval Transaction (with approve target)" ... "/api/v6/dex/aggregator/approve-transaction?chainIndex=1&tokenContractAddress=0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48&approveAmount=1000000000"
Confirm the approval spender, token contract, amount, and chain in the wallet UI before signing, and prefer minimal allowances.
The agent environment will need access to OKX API credentials to run these examples.
The skill requires OKX API credentials. This is expected for the OKX API, but the registry metadata says no required environment variables or primary credential, so users may not notice the credential requirement until reading the docs.
| Variable | Description | Required |
|---|---|---|
| `OKX_API_KEY` | OKX API key | Yes |
| ... | | |
| `OKX_SECRET_KEY` | OKX API secret | Yes |
| ... | | |
| `OKX_PASSPHRASE` | OKX API passphrase | Yes |
Use least-privilege OKX API credentials, store them as environment variables or secrets rather than in prompts or files, and rotate them if exposed.
Package metadata may not accurately describe the reviewed file set.
The embedded metadata version differs from the registry version 1.0.0, lists a LICENSE file not shown in the supplied manifest, and does not list the included scripts/test_okx.sh. This appears to be a packaging/provenance inconsistency rather than malicious behavior.
"version": "2.0.0", "files": [ "SKILL.md", "README.md", "LICENSE" ]
Verify the installed package contents and prefer a source repository or release process with consistent versioning and file manifests.
Unsafe customization of the helper could let malformed query values affect generated Python code.
The helper interpolates shell variables into a Python heredoc for signing. In the provided script the calls use fixed query strings, but adapting this pattern with unvalidated user-controlled parameters could create code-injection risk.
python3 - <<PY
import hmac, hashlib, base64, os
msg = f"${TIMESTAMP}${METHOD}${PATH_WITH_QUERY}"

Keep chain IDs, token addresses, wallet addresses, and amounts strictly validated, and prefer passing values to Python through environment variables or command-line arguments rather than interpolating them into source.