Orderly Onboarding

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent onboarding guide, but it asks users to enable an external Orderly MCP server via npx and persistent client configuration, so users should verify that package before installing.

This skill appears purpose-aligned for learning about Orderly Network and setting up its developer MCP tooling. Before installing, verify the @orderly.network/mcp-server npm package, consider pinning a specific version, and avoid sharing secrets or wallet/private trading information through MCP tool prompts.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the MCP server gives code from the external npm package a role in the user's AI tooling setup.

Why it was flagged

The skill tells users to run an external npm-hosted MCP server package that is not included in the artifact set; this is purpose-aligned but depends on external package provenance.

Skill content

npx @orderly.network/mcp-server init --client <client>

Recommendation

Verify the npm package publisher and documentation before running the command, and consider pinning to a reviewed version instead of relying on the latest package.

What this means

The configured AI client may run the MCP server process when the client starts or when MCP tools are used.

Why it was flagged

The manual MCP configuration launches a local command through npx. This is disclosed and central to the MCP setup, but it is still local code execution from an external package.

Skill content

"command": "npx", "args": ["@orderly.network/mcp-server@latest"]

Recommendation

Only add this configuration if you trust the package source; prefer a pinned version and remove the config if you no longer need the MCP server.

What this means

Prompts or task context related to Orderly development may be passed through the MCP tool interface.

Why it was flagged

The skill adds an MCP server as a tool provider for AI assistants. The described use is documentation-focused, but users should understand what queries or context their client may send to that tool.

Skill content

The MCP server provides AI assistants with instant access to Orderly documentation, code patterns, and API references.

Recommendation

Avoid sending secrets, wallet keys, private trading data, or credentials through MCP tool prompts unless the server's data handling is reviewed and trusted.