← 返回 Skills 市场
1887
总下载
2
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install okx-dex
功能描述
OKX DEX aggregator (v6). Get swap quotes, swap/approve tx data, tokens, and chains.
安全使用建议
This skill appears to implement a genuine OKX DEX API client, but there are important red flags you should address before installing: (1) The repository/registry metadata does NOT declare the three required secrets although SKILL.md and scripts do — verify the publisher and the provenance. (2) The SKILL.md contains inconsistent variable names (SECRET_KEY vs OKX_SECRET_KEY) and brittle signing snippets; test in a safe environment first. (3) The skill is configured 'always: true' which forces it into every agent session — remove or question this unless you need it always available. If you proceed, only provide API keys with minimal permissions, consider creating a dedicated OKX key you can revoke, and monitor/rotate keys after initial use. If the publisher cannot explain the metadata mismatches and justify always:true, treat the package as untrusted.
功能分析
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
Suspicious High-Entropy/Eval files: 1
The OpenClaw skill 'okx-dex' is designed to interact with the official OKX DEX aggregator API for cryptocurrency operations. It uses standard tools (`curl`, `jq`, `python3`) to fetch data and construct authenticated API requests to `https://web3.okx.com`. API credentials (`OKX_API_KEY`, `OKX_SECRET_KEY`, `OKX_PASSPHRASE`) are securely accessed from environment variables for HMAC signing and authentication headers, with no evidence of exfiltration or insecure handling. Crucially, the `SKILL.md` includes 'Safety Rules' that explicitly instruct the AI agent to display swap details, warn about risks, and 'NEVER execute without explicit user confirmation,' actively mitigating prompt injection risks and promoting transparency.
能力评估
Purpose & Capability
The SKILL.md and scripts clearly implement an OKX DEX aggregator (requests to https://web3.okx.com, HMAC signing, swap/quote/approve endpoints), which is consistent with the declared purpose. However the registry metadata claims no required environment variables or primary credential while the runtime instructions require OKX API credentials — an inconsistency between declared metadata and actual capability.
Instruction Scope
The runtime instructions and provided test script confine network access to the OKX API base URL and only use curl/jq/python3, which is appropriate for the stated purpose. However there are multiple inconsistencies/bugs in the instructions: several Python signing snippets reference a different env var name (SECRET_KEY) than the documented OKX_SECRET_KEY, and some f-string usages rely on shell expansion in a way that is brittle. These mismatches could cause accidental misuse of the wrong environment variable or failed requests.
Install Mechanism
This is an instruction-only skill (no install spec that downloads/executes remote code). The only required binaries are curl, jq, and python3 — reasonable for the provided shell + python examples and lower risk than arbitrary downloads.
Credentials
The skill legitimately needs OKX_API_KEY, OKX_SECRET_KEY (secret), and OKX_PASSPHRASE to sign API calls, which is proportionate for a DEX aggregator. The problem: the registry metadata lists no required env vars / no primary credential, so the manifest underreports sensitive requirements. Also some code snippets refer to SECRET_KEY instead of OKX_SECRET_KEY, increasing the chance of misconfiguration or accidental use of a differently named secret.
Persistence & Privilege
The skill is flagged always: true which forces it to be included in every agent run. A DEX aggregator does not normally require permanent inclusion; 'always' increases the blast radius if the skill or its environment has issues. Autonomous invocation (disable-model-invocation: false) is the platform default and not itself flagged, but combined with always:true and the requirement for API secrets it raises additional risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install okx-dex - 安装完成后,直接呼叫该 Skill 的名称或使用
/okx-dex触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of okx-dex skill.
- Provides OKX DEX aggregator functionality using the v6 API.
- Supports fetching swap quotes, swap and approval transaction data, token lists, and supported chain information.
- Includes Bash and Python3 code examples for all key DEX endpoints.
- Requires OKX API key, secret, and passphrase environment variables.
- CLI examples cover multi-chain (EVM and non-EVM) swap and token workflows.
元数据
常见问题
okx-dex 是什么?
OKX DEX aggregator (v6). Get swap quotes, swap/approve tx data, tokens, and chains. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1887 次。
如何安装 okx-dex?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install okx-dex」即可一键安装,无需额外配置。
okx-dex 是免费的吗?
是的,okx-dex 完全免费(开源免费),可自由下载、安装和使用。
okx-dex 支持哪些平台?
okx-dex 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 okx-dex?
由 ricky321u(@ricky321u)开发并维护,当前版本 v1.0.0。
推荐 Skills