OKX API

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a real OKX trading integration, but it gives an AI broad persistent access to live crypto-trading credentials and order actions, so it should be reviewed before use.

Install only if you are comfortable giving an agent access to your OKX account. Start with OKX_DEMO=1 or read-only API keys, avoid withdrawal permissions, use IP allowlisting, require manual confirmation for every live order, and remove the unrelated .claude settings file before use.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If live OKX credentials are configured, an agent using this skill could place, amend, or cancel real crypto orders with financial consequences.

Why it was flagged

The skill explicitly enables live account-mutating trade operations. The artifacts include an example script with a live-trading prompt, but the SKILL guidance itself does not require confirmation, limits, or sandbox mode before an agent-generated live order.

Skill content

| Place order | POST | `/api/v5/trade/order` |
...
| Amend order | POST | `/api/v5/trade/amend-order` |
...
| Cancel order | POST | `/api/v5/trade/cancel-order` |

Recommendation

Require explicit human confirmation showing instrument, side, order type, price, size, and live/sandbox status before every non-read-only action. Default to demo mode, add trade-size limits, and separate read-only from trading credentials.

What this means

A mistaken prompt, model error, or later instruction could use the same credentials against OKX endpoints outside the documented scope, subject to whatever permissions the API key has.

Why it was flagged

The signed helper accepts an arbitrary OKX API path and method and sends authenticated requests without enforcing an allowlist of the skill's documented in-scope endpoints.

Skill content

def make_request(method: str, path: str, ...):
    ...
    url = BASE_URL + full_path
    ...
    response = requests.request(method, url, headers=headers, ...)

Recommendation

Restrict the helper to documented read-only and trading endpoints, or provide separate narrowly scoped helpers for market data, account read, and order mutation.

What this means

Other tasks or skills running in the same agent environment may be able to access OKX trading credentials, not just the specific OKX action the user intended.

Why it was flagged

The skill instructs users to store high-impact exchange credentials in a global OpenClaw environment available to every agent session. Registry metadata also declares no required env vars or primary credential, so this authority is not surfaced in the metadata contract.

Skill content

"OKX_API_KEY": "your-api-key",
"OKX_SECRET_KEY": "your-secret-key",
"OKX_PASSPHRASE": "your-passphrase"
...
OpenClaw automatically injects these into every agent session.

Recommendation

Declare the credential requirements in metadata, avoid global injection when possible, use dedicated low-privilege OKX API keys, enable IP allowlisting, disable withdrawal permissions, and use read-only keys unless trading is required.

What this means

In environments that honor this settings file, an agent may have fewer prompts before pushing to a Git remote while working in this repository.

Why it was flagged

The package includes a local agent settings file granting an unrelated git-push Bash permission. There is no evidence OpenClaw will execute it automatically, but it is not aligned with the OKX API skill purpose.

Skill content

"allow": [ "Bash(git push origin main)" ]

Recommendation

Remove local development permission files from the distributed skill package unless they are necessary and clearly documented.