Broadcast Sign Transfer

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This skill is openly designed to move crypto funds, but it asks for wallet private keys and OKX credentials in persistent plaintext and can broadcast irreversible transfers without clear confirmation safeguards.

Only install this if you intentionally want an agent-accessible tool that can send on-chain transfers. Use a dedicated low-balance wallet, avoid storing private keys in ~/.zshrc, verify every recipient and amount manually before broadcast, and prefer pinned dependencies in an isolated Python environment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses the wrong address, token, amount, or chain parameters, funds could be sent permanently and may not be recoverable.

Why it was flagged

The skill is designed to sign and broadcast irreversible blockchain transfers. The documentation warns that transfers cannot be undone, but does not specify a mandatory user confirmation or safety gate immediately before broadcasting.

Skill content
Local signing (the private key never leaves this machine) → broadcast on-chain via the OKX API ... ⚠️ A transaction cannot be reverted once broadcast
Recommendation

Require explicit final user confirmation showing chain, token, recipient, amount, gas estimate, and source wallet before any broadcast. Consider dry-run mode, spending caps, recipient allowlists, and disabling autonomous invocation for transfers.

What this means

Anyone or any process that can read the shell profile or environment may be able to access credentials, sign transfers, or interact with the OKX Web3 API.

Why it was flagged

The skill asks users to persist a wallet private key and OKX credentials in a plaintext shell profile. These credentials grant full authority to sign transfers and call the API, yet the registry metadata declares no required environment variables and no primary credential.

Skill content
Configuration (written to ~/.zshrc so it persists): export WALLET_PRIVATE_KEY="0x你的私钥" ... export OKX_ACCESS_KEY="你的Key" ... export OKX_SECRET_KEY="你的Secret" ... export OKX_PASSPHRASE="你的Passphrase"
Recommendation

Avoid storing wallet private keys in ~/.zshrc. Use a dedicated low-balance wallet, a hardware wallet or secure keystore where possible, restrict file permissions, rotate exposed credentials, and declare these required credentials in metadata.

What this means

If terminal logs are captured or shared, request details or short-lived authorization material could be exposed.

Why it was flagged

The OKX request helper prints the request body and the derived OKX access signature. The private key itself is not printed in the code shown, but these debug values are still sensitive if the terminal output is shared or captured in logs.

Skill content
print(f"   [DEBUG] body: {body}")
print(f"   [DEBUG] sign: {sign}")
Recommendation

Remove debug printing by default, or guard it behind an explicit debug flag that redacts authorization-related fields and signed transaction payloads.

What this means

A future dependency change or compromised package source could affect a tool that handles wallet credentials and transactions.

Why it was flagged

The skill relies on external Python packages but does not provide pinned versions, a lockfile, or an install spec. This is common setup guidance, but it leaves dependency provenance and version drift to the user.

Skill content
pip3 install requests web3
Recommendation

Install in a virtual environment, pin dependency versions, use a reviewed lockfile, and verify the package source before use.