Broadcast Signed Transaction
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated purpose of broadcasting already-signed blockchain transactions, but users should treat it carefully because broadcasts are irreversible and it uses OKX API credentials.
Install only if you intend to broadcast already-signed transactions through OKX. Verify the transaction contents, chain, and sender before use, protect the OKX API credentials, and consider pinning the Python dependency in a virtual environment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong signed transaction, chain, or sender address is used, the on-chain result may be permanent.
The skill explicitly performs an irreversible blockchain broadcast. This is purpose-aligned, but a mistaken signed transaction can have permanent financial effects.
⚠️ Before broadcasting, confirm that the signedTx contents are correct: once broadcast, it **cannot be undone**
Before running, decode or verify the signed transaction details, confirm the chain and sender, and require explicit user approval for the final broadcast.
Anyone with these OKX credentials may be able to use the associated OKX Web3 API permissions.
The skill requires OKX API credentials for authenticated broadcasting. This is expected for the OKX integration, but the credentials are sensitive account material.
`OKX_ACCESS_KEY` | OKX Web3 API Key ... `OKX_SECRET_KEY` ... `OKX_PASSPHRASE`
Use a least-privilege OKX Web3 API key, keep it out of logs and version control, and rotate it if it may have been exposed.
OKX receives the transaction details and the signed transaction that the user intends to broadcast.
The script sends the chain, sender address, and signed transaction to the OKX API endpoint. This is disclosed and necessary for broadcasting, but users should understand the data flow.
body_dict = {"chainIndex": chain_index, "address": address, "signedTx": signed_tx} ... requests.post(OKX_BASE_URL + BROADCAST_PATH
Only provide signed transactions you are ready to publish, and use this skill only with the intended OKX Web3 endpoint.
Installing an unexpected or compromised dependency version could affect the local Python environment.
The documented dependency install is unpinned and there is no install spec. This is a normal dependency for the HTTP client code, but version/provenance control is left to the user.
pip3 install requests
Install in a virtual environment and consider pinning `requests` to a trusted version.
