OKX交易执行器 (OKX Trading Executor)

by iceonme · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
Downloads: 627
Stars: 0
Active Installs: 1
Versions: 2
Install in OpenClaw
/install okx-trading-exe
Description
A standardized adapter gateway skill exclusively for OKX exchange to execute trading actions (buy/sell) and query capabilities across OKX Live and Demo envir...
Usage Guidance
This skill's code appears to be what it claims (an OKX trading adapter) and will need your OKX API key, secret, and passphrase to place orders. Before installing or running:
  1. Do not paste live API credentials into a project folder unless you understand the risk; prefer platform-managed secrets or environment variables outside the project tree.
  2. Verify the API key permissions (restrict to trading/read as required; avoid withdrawal permission).
  3. Because the registry metadata does not declare the required secrets, treat this as a packaging/declared-permissions mismatch and ask the maintainer to update the metadata.
  4. Review and test against the demo provider first (okx_demo) with keys that have no live-fund risk.
  5. If you want the agent to prompt a human for keys, update the runtime flow (execute.py currently exits on missing creds).
If you cannot inspect or trust the maintainer, avoid supplying live credentials.
Capability Analysis
Type: OpenClaw Skill
Name: okx-trading-exe
Version: 0.1.1

The skill's Python code appears to be a legitimate OKX trading client, handling API keys and making requests to `https://www.okx.com` as expected. However, the `SKILL.md` file contains explicit prompt injection instructions for the AI agent. It directs the agent to detect missing API keys, interrupt its current task, ask the human user for sensitive `API_KEY`, `API_SECRET`, and `PASSPHRASE`, and then instruct the human to write these credentials into the `.env` file. While the intent is to enable the skill's functionality, this demonstrates a significant vulnerability where the agent is instructed to handle sensitive data and modify the file system based on markdown instructions, which could be exploited by a malicious prompt in a different context.
Capability Assessment
Purpose & Capability
The skill's stated purpose (OKX trading executor) matches the code: providers/okx_provider.py implements API calls and order placement to OKX. However the registry metadata claims 'Required env vars: none' and 'Primary credential: none' while the code and SKILL.md clearly require OKX API_KEY, API_SECRET, and PASSPHRASE. That mismatch is unexpected and should be fixed or explained.
Instruction Scope
SKILL.md instructs the agent to prompt the human to write credentials into a .env file if missing. The code attempts to load .env from the skill directory (or parent) and will exit with an error if the three OKX credentials are not present. There is no instruction or code that reads unrelated files, exfiltrates data, or posts data to endpoints other than the OKX API. Minor inconsistency: SKILL.md implies agent-driven interactive prompting, but execute.py simply prints an error and exits when creds are missing.
Install Mechanism
No install spec or third-party downloads are present; this is an instruction+code bundle that runs using existing Python and requests. Nothing is fetched from external arbitrary URLs and no archives are extracted.
Credentials
The code legitimately requires three exchange secrets (OKX_API_KEY, OKX_API_SECRET, OKX_PASSPHRASE). That is proportionate to the skill's purpose. The concern is that the skill registry metadata does not declare these required env vars or a primary credential, which is misleading and could cause automated policy checks or secret-handling mechanisms to miss them.
Persistence & Privilege
The skill does not request 'always' presence, does not modify other skills, and contains no install-time persistence. It reads a local .env file only and uses the OKX API; it does not create background services or alter system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install okx-trading-exe
  3. After installation, invoke the skill by name or use /okx-trading-exe
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Introduced core provider structure with base_provider.py and okx_provider.py to standardize API integration.
- Laid the groundwork for clean separation of logic for multiple exchange environments (OKX Live/Demo).
- No changes to existing usage, but new files enable future provider expansion and cleaner code organization.
v0.1.0
0.1-just for myself
Metadata
Slug: okx-trading-exe
Version: 0.1.1
License
All-time Installs: 2
Active Installs: 1
Total Versions: 2
Frequently Asked Questions

What is OKX交易执行器?

A standardized adapter gateway skill exclusively for OKX exchange to execute trading actions (buy/sell) and query capabilities across OKX Live and Demo envir... It is an AI Agent Skill for Claude Code / OpenClaw, with 627 downloads so far.

How do I install OKX交易执行器?

Run "/install okx-trading-exe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OKX交易执行器 free?

Yes, OKX交易执行器 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OKX交易执行器 support?

OKX交易执行器 is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created OKX交易执行器?

It is built and maintained by iceonme (@iceonme); the current version is v0.1.1.
