OKX Trading with Permission Gate

Advisory. Audited by static analysis on May 12, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If configured with live OKX credentials, the agent can place real crypto trades within the skill's workflow and guardrails.

Why it was flagged

The skill requires trade-capable OKX API credentials. This is purpose-aligned for a trading skill, but it is sensitive authority over a financial account.

Skill content

Create a key with **Trade** permission... export OKX_API_KEY=... export OKX_API_SECRET=... export OKX_API_PASSPHRASE=...

Recommendation

Start with OKX demo mode, use the smallest practical trade caps and allowed-symbol lists, avoid withdrawal permissions, and only switch to live credentials after testing.

What this means

A confirmed grid can continue trading automatically according to its configured bounds, which may affect account balances without repeated chat confirmations.

Why it was flagged

After a user confirms a grid setup once, later grid maintenance can place follow-on orders without a separate YES for each individual restock.

Skill content

Subsequent fills are handled by okx_grid_step.py without further confirmation.

Recommendation

Use conservative grid sizes, position caps, min-profit gaps, and max-rescale limits; periodically review active strategies and stop grids you no longer want running.

What this means

Anyone with access to the local account running the agent may be able to inspect trading state, snapshots, and short-lived pending proposal data.

Why it was flagged

The skill stores local pending confirmation data, strategy state, account snapshots, and audit logs. This is disclosed and purpose-aligned, but it creates persistent local records of trading activity.

Skill content

~/.aeon/okx/ pending/<id>.json ... strategies/<id>.json ... snapshots/<date>.json ... grid_audit.jsonl

Recommendation

Run the agent under a protected OS user, keep ~/.aeon permissions restricted, and delete old snapshots or strategy state if you no longer need them.

What this means

Installing later dependency versions could introduce unexpected bugs or behavior changes in a financial trading workflow.

Why it was flagged

The dependency versions are specified with lower bounds rather than pinned exact versions. This is common for Python tooling but means future package versions could change behavior.

Skill content

python-okx>=0.4.0
numpy>=1.24

Recommendation

For live trading, consider pinning and testing exact dependency versions in a controlled environment before use.