Okx Dex Ws
v2.2.10Use this skill when the user mentions 'onchainos ws', 'ws start', 'ws poll', 'ws stop', 'ws channels', 'ws session', 'ws channel-info', 'idle-timeout', 'idle...
⭐ 0· 129·0 current·0 all-time
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is clearly about OKX DEX WebSocket channels and provides CLI and custom-script guidance, which matches the name. However it references running the onchainos CLI (onchainos ws) and reading protocol reference files from other skills, yet the declared requirements list no required binaries, no environment variables, and no primary credential. That mismatch (documented CLI usage but no required-binary declaration) is inconsistent and may cause unexpected behavior or missing prerequisites at runtime.
Instruction Scope
SKILL.md explicitly instructs the agent to read local files outside the skill (../okx-agentic-wallet/_shared/preflight.md or _shared/preflight.md) and to load ws-protocol.md files from other skill directories. Those instructions give the agent permission to access other skills' files (which may contain secrets or wallet setup). It also states HMAC-SHA256 auth is required but does not state where keys come from. Reading arbitrary relative files and relying on unspecified credentials is scope creep and a potential secret-exfiltration vector.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is lowest-risk from an install/execution perspective — nothing will be downloaded or written by the skill itself.
Credentials
The instructions require authenticated WebSocket access (HMAC-SHA256) and reference a wallet-related preflight file, but the skill declares no required environment variables or primary credential. This omission is disproportionate: using the service will require credentials (API keys, wallet secrets) which are neither documented nor scoped, increasing the risk that the agent will attempt to read sensitive local files to obtain them.
Persistence & Privilege
The skill does not request always:true and does not declare elevated persistence. Autonomous invocation is allowed (platform default). That by itself is not a red flag, but combined with instructions that access local wallet/preflight files it increases risk because an invoked agent could access sensitive files when this skill runs.
What to consider before installing
This skill appears to be a documentation/instruction bundle for OKX DEX WebSocket use, but has two practical issues you should resolve before installing or enabling it:
1) Missing prerequisites declaration: SKILL.md expects the 'onchainos' CLI and HMAC credentials but the skill does not declare required binaries or environment variables. Ask the author to explicitly list required binaries and how API keys/HMAC credentials are provided (env vars or secure vault).
2) File access risk: the instructions tell the agent to read ../okx-agentic-wallet/_shared/preflight.md (or an alternative path). That file may contain wallet/config secrets. Do NOT allow the agent access to your filesystem or this skill until you've inspected that preflight file yourself. If you must use the skill, run it in an isolated environment or verify the referenced preflight and protocol files contain no private keys or secrets.
Other practical steps:
- Confirm the source and integrity of the skill (homepage is missing and source is unknown).
- Require the skill author to document how authentication is handled and to declare any env vars (e.g., OKX_API_KEY/SECRET) rather than instructing implicit file reads.
- If you need similar functionality but want lower risk, prefer a skill that declares its dependencies and uses explicit, auditable env vars or a dedicated secrets manager.Like a lobster shell, security has layers — review code before you run it.
latest
Onchain OS DEX WebSocket — Unified Skill
Two ways to consume real-time DEX data:
- CLI (
onchainos ws) — start a background session, poll events incrementally. Best for monitoring and agent-driven workflows. - Script — write a custom WebSocket client in Python/Node/Rust. Best for bots and custom logic.
Pre-flight Checks
Read
../okx-agentic-wallet/_shared/preflight.md. If that file does not exist, read_shared/preflight.mdinstead.
Prerequisites
This skill references ws-protocol.md files from okx-dex-market, okx-dex-token, okx-dex-signal, and okx-dex-trenches. If a referenced file is not found, the corresponding skill may not be installed — inform the user and suggest installing the missing skill from the onchainos-skills plugin.
Approach 1: CLI (onchainos ws)
Discover Channels
onchainos ws channels # list all 9 supported channels
onchainos ws channel-info --channel <name> # detailed info + example for a channel
Start / Poll / Stop
onchainos ws start --channel <channel> [params] # start background session
onchainos ws poll --id <ID> [--channel <ch>] # pull new events
onchainos ws list # list sessions
onchainos ws stop [--id <ID>] # stop session(s)
Channel Quick Reference
| Channel | Group | Pattern | Required Params |
|---|---|---|---|
kol_smartmoney-tracker-activity | signal | global | (none) |
address-tracker-activity | signal | per-wallet | --wallet-addresses |
dex-market-new-signal-openapi | signal | per-chain | --chain-index |
price | market | per-token | --token-pair |
dex-token-candle{period} | market | per-token | --token-pair |
price-info | token | per-token | --token-pair |
trades | token | per-token | --token-pair |
dex-market-memepump-new-token-openapi | trenches | per-chain | --chain-index |
dex-market-memepump-update-metrics-openapi | trenches | per-chain | --chain-index |
Parameter Formats
--token-pair:chainIndex:tokenContractAddress(e.g.1:0xdac17f958d2ee523a2206206994597c13d831ec7)--chain-index: comma-separated chain IDs (e.g.1,501,56)--wallet-addresses: comma-separated addresses, max 200--idle-timeout: auto-stop if no poll within this duration (default30m;1h,2h,300s,0to disable)
Examples
# Smart money trade feed
onchainos ws start --channel kol_smartmoney-tracker-activity
# Track specific wallets
onchainos ws start --channel address-tracker-activity --wallet-addresses 0xAAA,0xBBB
# Token price monitoring
onchainos ws start --channel price --token-pair 1:0xdac17f958d2ee523a2206206994597c13d831ec7
# Buy signal alerts on Ethereum + Solana
onchainos ws start --channel dex-market-new-signal-openapi --chain-index 1,501
# New meme token launches on Solana
onchainos ws start --channel dex-market-memepump-new-token-openapi --chain-index 501
# K-line 1-minute candles
onchainos ws start --channel dex-token-candle1m --token-pair 1:0xdac17f958d2ee523a2206206994597c13d831ec7
Poll Filters (tracker channels only)
When polling kol_smartmoney-tracker-activity or address-tracker-activity, these filters are available:
--min-quote-amount,--min-market-cap,--min-pnl--trader(wallet address prefix match)--tag(smart_money or kol)--trade-type(buy or sell)--since(ms timestamp)
Approach 2: Custom Script
When the user wants to build a custom WebSocket client with their own logic, read the corresponding protocol reference file:
Market Data (price & candlestick streams)
Read: ../okx-dex-market/references/ws-protocol.md
Channels: price, dex-token-candle{period}
Token Data (detailed token streams)
Read: ../okx-dex-token/references/ws-protocol.md
Channels: price-info, trades
Signal & Wallet Tracking
Read: ../okx-dex-signal/references/ws-protocol.md
Channels: dex-market-new-signal-openapi, kol_smartmoney-tracker-activity, address-tracker-activity
Meme/Trenches
Read: ../okx-dex-trenches/references/ws-protocol.md
Channels: dex-market-memepump-new-token-openapi, dex-market-memepump-update-metrics-openapi
Common Protocol (all channels share)
- Endpoint:
wss://wsdex.okx.com/ws/v6/dex - Auth: HMAC-SHA256 login required before subscribing
- Heartbeat: send
"ping"every 25s, expect"pong" - Subscribe:
{"op": "subscribe", "args": [...]} - Unsubscribe:
{"op": "unsubscribe", "args": [...]}
Comments
Loading comments...