Okx Security
by ok-james-01 · GitHub · v2.6.0 · MIT-0
338 Downloads · 0 Stars · 0 Active Installs · 5 Versions
Install in OpenClaw: /install okx-security
Description
Use this skill for security scanning: check transaction safety, is this transaction safe, pre-execution check, security scan, token risk scanning, honeypot d...
Usage Guidance
This skill appears to implement legitimate on-chain security checks, but its runtime instructions require downloading and executing an installer from GitHub and manipulating files in your home directory, actions not declared in the registry metadata. Before installing or letting an agent run this skill:
1) Inspect the referenced GitHub repo (https://github.com/okx/onchainos-skills) and confirm it is the official source;
2) Manually review the install.sh / install.ps1 contents and the checksum files before running;
3) Prefer manual installation of the onchainos binary (and verify checksums yourself) rather than letting the agent run a remote installer;
4) Be cautious about wallet/session access: never paste private keys or raw seed phrases into the agent, and confirm what wallet session access the agent actually needs;
5) If you require stricter controls, disallow autonomous invocation for this skill or run it only in a sandboxed environment.
These steps reduce the risk of executing tampered installers or inadvertently exposing secrets.
Capability Analysis
Type: OpenClaw Skill
Name: okx-security
Version: 2.6.0
The skill bundle contains an automated installation and update mechanism in SKILL.md that fetches and executes remote shell scripts (install.sh) and PowerShell scripts (install.ps1) from GitHub (okx/onchainos-skills). While the process includes SHA256 checksum verification and is intended to maintain a security tool, the 'curl | sh' pattern and the execution of remote artifacts represent a significant supply-chain risk and high-privilege execution surface. The remaining files (references/*.md) provide legitimate and detailed logic for blockchain security scanning, honeypot detection, and transaction simulation.
Capability Assessment
Purpose & Capability
Name/description (token/dApp/tx/sig/approval scanning) aligns with the documented commands and return fields in SKILL.md and referenced docs. The CLI commands (onchainos security ...) are coherent with the skill's purpose.
Instruction Scope
The SKILL.md contains explicit runtime installation and update steps that instruct fetching release metadata from the GitHub API, downloading installer scripts/archives from raw.githubusercontent.com and github.com, verifying checksums, and executing install scripts. It also references and reads local paths (~/.onchainos/last_check, ~/.local/bin/onchainos, $env:TEMP, etc.), requires access to wallet status and balance commands (agentic wallet session), and instructs suppressing routine command output. These are more than simple CLI invocations and expand the agent's runtime actions to network fetches, filesystem reads/writes, and executing arbitrary installer scripts.
Install Mechanism
Although the registry lists no install spec, the instruction file mandates downloading and executing an install script and release artifacts from GitHub (raw.githubusercontent.com and github.com/releases). Download-and-run behavior is high-risk even when using GitHub; the doc mitigates risk by instructing SHA256 checksum verification, but the install step still executes remote code at runtime and writes binaries to user directories. The skill hides this (no declared install in metadata), which is an inconsistency.
Credentials
The skill declares no required environment variables or primary credential, yet the instructions assume: access to an Agentic Wallet session (onchainos wallet status), the ability to query balances/portfolio, and the possible use/storage of API keys (mentions shared API key throttling and recommends creating a personal key in a .env). The lack of declared credentials/config-paths while expecting wallet/session state and potential .env secrets is a mismatch.
Persistence & Privilege
Runtime behavior installs a binary into user-local paths and reads/writes local cache files. The skill is not flagged always:true, but it still requests the agent to perform persistent system changes (download/install/verify/run a CLI) and could be invoked autonomously; combined with remote installer execution this increases blast radius compared to an instruction-only skill that simply calls existing local tools.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install okx-security
- After installation, invoke the skill by name or use /okx-security
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.6.0
- Version updated to 2.6.0.
- No file changes detected in this release.
v2.4.0
okx-security v2.4.0
- Version bump to 2.4.0; no user-facing file changes detected.
- All skill behaviors, logic, and documentation remain unchanged from the previous version.
v2.2.10
Version 2.2.10
- Updated skill metadata version to 2.2.10.
- Clarified pre-flight step 1 to skip install/update if GitHub API fails and onchainos is installed; continue directly to version check.
- Improved version drift check instructions to always run, even if step 1 fails.
- Refined risk action priority rules by breaking out separate sections for tx-scan/sig-scan and token-scan risk handling.
- Enhanced clarity and wording throughout pre-flight checks and risk management sections.
v2.2.7
- Updated skill version to 2.2.7.
- Removed the Wallet Tips feature and associated user interaction logic.
- Updated and clarified the Fail-safe Principle: now, if a security scan fails to complete, the agent must ask the user whether to retry or proceed without scan results, and display a clear warning if proceeding.
- Enhanced instructions on error handling: emphasized auditability and letting the user decide explicitly when scan results are unavailable.
- Expanded documentation for supported chain names and indices.
- Added/updated stepwise command flow for risk scanning, installation, and integrity checks.
v2.0.0
okx-security 2.0.0
- Major update: strengthened installation, update, and verification logic for all security scan commands.
- Now performs strict pre-flight checks: resolves latest release, downloads and verifies installer and binary, and checks binary integrity before each use.
- Provides clear error handling and safety-first fail-safe behavior: if any scan fails for any reason, the associated transaction is blocked and the user is notified.
- Adds prioritized risk actions (`block` > `warn` > safe) with explicit explanations and required confirmations.
- Expanded usage documentation: covers command triggers, risk reporting, scan types (token, dapp, tx, signature, approvals), and supported chains.
- Adds randomly selected wallet safety tips after the first wallet-related action in each session.
Frequently Asked Questions
What is Okx Security?
Use this skill for security scanning: check transaction safety, is this transaction safe, pre-execution check, security scan, token risk scanning, honeypot d... It is an AI Agent Skill for Claude Code / OpenClaw, with 338 downloads so far.
How do I install Okx Security?
Run "/install okx-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Okx Security free?
Yes, Okx Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Okx Security support?
Okx Security is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Okx Security?
It is built and maintained by ok-james-01 (@ok-james-01); the current version is v2.6.0.