Orderly Api Authentication

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is an instruction-only authentication guide that discusses wallet signing and API keys for Orderly Network; the sensitive authority is clearly related to its stated purpose.

This looks like a documentation-only guide for Orderly authentication, not an executable package. Before using it, confirm you are on the correct Orderly mainnet/testnet endpoints, verify any wallet-signing request before approval, and protect or revoke Ed25519 API keys if they are exposed.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user signs the wrong wallet message or mishandles an API key, an account or trading workflow could be affected.

Why it was flagged

The guide covers authentication steps that can authorize account-level and financial operations. This is expected for an Orderly authentication skill, but it is sensitive authority.

Skill content

Wallet Authentication ... Account registration ... API key management (add/remove keys) ... Privileged operations (withdrawals, admin)

Recommendation

Only sign messages and create API keys for the intended Orderly environment and broker; verify domains, chain IDs, and requested permissions before approving.

What this means

An incorrectly scoped or exposed API key could be used to make authenticated requests on the user’s account.

Why it was flagged

The documentation explains how a generated signing key is used to authenticate future API calls, including trading and account-data requests. This is central to the skill’s purpose, but misuse of such keys can affect account actions.

Skill content

Ed25519 key is used for all subsequent API calls

Recommendation

Use least-privilege API keys where supported, keep private keys out of shared prompts/logs, and revoke keys if they may have been exposed.