← 返回 Skills 市场
Okx Dex Bridge
作者
ok-james-01
· GitHub ↗
· v2.6.0
· MIT-0
93
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install okx-dex-bridge
功能描述
Use this skill to bridge tokens, cross-chain swap/transfer, move assets between chains, get cross-chain quotes, compare bridge fees, find the cheapest/fastes...
安全使用建议
This skill is coherent with a cross-chain CLI workflow but has some gaps you should be aware of before installing or running it:
- The SKILL.md expects the 'onchainos' CLI and server authentication (JWT or AK env vars), but the skill metadata lists no required binaries or environment variables. Assume you'll need to install the CLI and provide wallet/API credentials.
- The provided preflight instructs downloading an installer (install.sh / install.ps1) from GitHub and executing it. Although it also instructs verifying SHA256 checksums (good practice), downloading-and-running install scripts is inherently risky. Prefer to:
- Manually inspect the installer script at the referenced GitHub release before executing it.
- Verify the checksum and the release authenticity on GitHub (check the repo, publisher, and release history).
- If possible, install the CLI from the official OKX website or package manager instead of via an automated script.
- Expect the tool to ask for authentication (wallet login or API key). Do not paste private keys or secrets into untrusted shells; prefer using secure local wallet tooling or ephemeral credentials.
- If you need higher assurance, ask the skill publisher for an explicit manifest update that declares the required binary ('onchainos') and any environment variables needed (JWT, AK_*, etc.), or run the CLI in an isolated environment (VM/container) first.
Given these mismatches (undeclared CLI and secret usage plus a download-and-execute install flow), treat the skill with caution and validate the installer and auth flows before use.
功能分析
Type: OpenClaw Skill
Name: okx-dex-bridge
Version: 2.6.0
The skill bundle implements a cross-chain bridging interface but contains high-risk execution patterns in its setup logic. Specifically, `_shared/preflight.md` performs automated installation and updates by fetching and executing shell scripts directly from GitHub (the `curl|sh` pattern). While the process includes SHA256 checksum verification to mitigate tampering, this behavior constitutes a significant remote code execution (RCE) surface and supply-chain risk. The remaining files, including `SKILL.md` and `references/cli-reference.md`, appear to be legitimate documentation for the OKX DEX bridge, incorporating numerous safety checks and mandatory user confirmations for financial operations.
能力标签
能力评估
Purpose & Capability
The skill claims to perform cross-chain quoting, approvals, swaps and status tracking via an 'onchainos' CLI. That functionality reasonably requires a CLI that talks to OKX APIs and the user's wallet, so expecting an external binary is coherent — however the skill metadata declares no required binaries or credentials even though SKILL.md repeatedly references the 'onchainos' CLI and server-side authentication (JWT or AK env vars). The missing declaration of the CLI and auth requirements is an inconsistency.
Instruction Scope
SKILL.md and shared files direct the agent to fetch real-time data via the onchainos CLI and to run seven explicit subcommands. The instructions also direct network actions (GitHub API calls, downloading installers, running onchainos commands) and to read sibling shared files for preflight and chain support. Those actions fit the described purpose, but the skill's runtime behavior includes: executing installer scripts downloaded from raw.githubusercontent.com and invoking onchainos which may prompt for or use JWTs/AKs — none of which were declared in the skill manifest.
Install Mechanism
There is no formal install spec in the registry, but the included preflight.md instructs downloading an install.sh (or install.ps1) from raw.githubusercontent.com and release assets from github.com and then executing the installer. These hosts are standard release channels (GitHub) and the instructions require checksum verification, which reduces risk. Nonetheless, download-and-execute remains a higher-risk action and should be validated by the user (review the installer, verify checksums, and prefer manual install if unsure).
Credentials
The manifest lists no required environment variables or primary credentials, but the CLI reference and preflight explicitly mention authentication via JWT from 'wallet login' or AK env vars, and suggest creating a personal key (.env) when rate-limited. This is a concrete mismatch: the skill will likely need wallet credentials or API keys to function, yet none are declared. The agent instructions also discuss a 'shared API key' and JWTs, so users should assume secret material will be involved even though the registry metadata omits it.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or system-wide settings. The preflight may install a user-level binary under standard user paths (e.g., ~/.local/bin or %USERPROFILE%\.local\bin) and create a per-user cache (~/.onchainos). Those are typical for a CLI tool and are proportionate to the stated purpose.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install okx-dex-bridge - 安装完成后,直接呼叫该 Skill 的名称或使用
/okx-dex-bridge触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.6.0
okx-dex-bridge 2.6.0
- Adds support for the latest Onchain OS DEX cross-chain swap CLI and workflows.
- New, more precise command index: 7 subcommands for bridge, token, quote, approve, calldata swap, execute, and status.
- Updated error handling: region restriction messages, improved detection and reporting of unsupported or unbridgeable chain/token pairs (especially EVM vs Solana/Sui/Tron/Ton).
- Clarifies native token address support: only EVM ↔ EVM bridging permitted, others listed for future reference.
- Bridge/token discovery is now more granular by source/destination chain.
- Updates "chain in scope" guidance and strengthens rules for confirming token contract address selection.
v2.4.0
Version 2.4.0 Changelog
- Expanded description for clearer user guidance on bridging, swapping, and cross-chain transfers.
- Updated error handling instructions: ensures user-friendly messaging and clear next-step suggestions on failures.
- Command usage and fallback procedures refined for reliability and clarity; only seven subcommands permitted.
- Chain support and naming rules clarified, including explicit native token address standards.
- Updated mandatory token address resolution steps, with user confirmation required after searches.
- Enhanced risk warning workflow for flagged transactions, requiring explicit user confirmation to force execution.
元数据
常见问题
Okx Dex Bridge 是什么?
Use this skill to bridge tokens, cross-chain swap/transfer, move assets between chains, get cross-chain quotes, compare bridge fees, find the cheapest/fastes... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 93 次。
如何安装 Okx Dex Bridge?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install okx-dex-bridge」即可一键安装,无需额外配置。
Okx Dex Bridge 是免费的吗?
是的,Okx Dex Bridge 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Okx Dex Bridge 支持哪些平台?
Okx Dex Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Okx Dex Bridge?
由 ok-james-01(@ok-james-01)开发并维护,当前版本 v2.6.0。
推荐 Skills