okx-dex
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
Suspicious High-Entropy/Eval files: 1

The OpenClaw skill 'okx-dex' is designed to interact with the official OKX DEX aggregator API for cryptocurrency operations. It uses standard tools (`curl`, `jq`, `python3`) to fetch data and construct authenticated API requests to `https://web3.okx.com`. API credentials (`OKX_API_KEY`, `OKX_SECRET_KEY`, `OKX_PASSPHRASE`) are securely accessed from environment variables for HMAC signing and authentication headers, with no evidence of exfiltration or insecure handling. Crucially, the `SKILL.md` includes 'Safety Rules' that explicitly instruct the AI agent to display swap details, warn about risks, and 'NEVER execute without explicit user confirmation,' actively mitigating prompt injection risks and promoting transparency.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who signs generated transaction data without checking it could swap funds under unexpected parameters.
The script requests swap transaction data from OKX. This fits the skill's purpose, but swap transaction payloads are financially sensitive if a user later signs or broadcasts them.
echo "4) Swap Transaction" ... "/api/v6/dex/aggregator/swap?...&amount=500000000000000000&swapMode=exactIn&slippagePercent=0.01&userWalletAddress=0xaa4e09ab283e207bd7171d924db2dda49315637b"
Review chain, token addresses, wallet address, amount, slippage, router, recipient, and transaction target in a trusted wallet before signing; do not treat generated transaction data as automatically safe.
If a user signs an approval transaction without checking spender and amount, they may grant unwanted token allowance.
The skill can request token approval transaction data. This is expected for DEX workflows, but approvals can grant token-spending rights if later signed.
echo "5) Approval Transaction (with approve target)" ... "/api/v6/dex/aggregator/approve-transaction?chainIndex=1&tokenContractAddress=0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48&approveAmount=1000000000"
Confirm the approval spender, token contract, amount, and chain in the wallet UI before signing, and prefer minimal allowances.
The agent environment will need access to OKX API credentials to run these examples.
The skill requires OKX API credentials. This is expected for the OKX API, but the registry metadata lists no required environment variables and no primary credential, so users may not notice the credential requirement until they read the docs.
| `OKX_API_KEY` | OKX API key | Yes |
...
| `OKX_SECRET_KEY` | OKX API secret | Yes |
...
| `OKX_PASSPHRASE` | OKX API passphrase | Yes |
Use least-privilege OKX API credentials, store them as environment variables or secrets rather than in prompts or files, and rotate them if exposed.
Package metadata may not accurately describe the reviewed file set.
The embedded metadata version differs from the registry version 1.0.0, lists a LICENSE file not shown in the supplied manifest, and does not list the included scripts/test_okx.sh. This appears to be a packaging/provenance inconsistency rather than malicious behavior.
"version": "2.0.0", "files": [ "SKILL.md", "README.md", "LICENSE" ]
Verify the installed package contents and prefer a source repository or release process with consistent versioning and file manifests.
Unsafe customization of the helper could let malformed query values affect generated Python code.
The helper interpolates shell variables into a Python heredoc for signing. In the provided script the calls use fixed query strings, but adapting this pattern with unvalidated user-controlled parameters could create code-injection risk.
python3 - <<PY
import hmac, hashlib, base64, os
msg = f"${TIMESTAMP}${METHOD}${PATH_WITH_QUERY}"
Keep chain IDs, token addresses, wallet addresses, and amounts strictly validated, and prefer passing values to Python through environment variables or command-line arguments rather than interpolating them into source.
