Okx Security
Author: ok-james-01 · v2.6.0 · MIT-0
Total downloads: 338
Favorites: 0
Current installs: 0
Versions: 5
Install in OpenClaw
/install okx-security
Description
Use this skill for security scanning: check transaction safety, is this transaction safe, pre-execution check, security scan, token risk scanning, honeypot d...
Safe usage recommendations
This skill appears to implement legitimate on-chain security checks, but its runtime instructions require downloading and executing an installer from GitHub and manipulating files in your home directory — actions not declared in the registry metadata. Before installing or letting an agent run this skill:
1) Inspect the referenced GitHub repo (https://github.com/okx/onchainos-skills) and confirm it is the official source;
2) Manually review the install.sh / install.ps1 contents and the checksum files before running;
3) Prefer manual installation of the onchainos binary (and verify checksums yourself) rather than letting the agent run a remote installer;
4) Be cautious about wallet/session access: never paste private keys or raw seed phrases into the agent, and confirm what wallet session access the agent actually needs;
5) If you require stricter controls, disallow autonomous invocation for this skill or run it only in a sandboxed environment.
These steps reduce the risk of executing tampered installers or inadvertently exposing secrets.
Functional analysis
Type: OpenClaw Skill
Name: okx-security
Version: 2.6.0
The skill bundle contains an automated installation and update mechanism in SKILL.md that fetches and executes remote shell scripts (install.sh) and PowerShell scripts (install.ps1) from GitHub (okx/onchainos-skills). While the process includes SHA256 checksum verification and is intended to maintain a security tool, the 'curl | sh' pattern and the execution of remote artifacts represent a significant supply-chain risk and high-privilege execution surface. The remaining files (references/*.md) provide legitimate and detailed logic for blockchain security scanning, honeypot detection, and transaction simulation.
Capability assessment
Purpose & Capability
Name/description (token/dApp/tx/sig/approval scanning) aligns with the documented commands and return fields in SKILL.md and referenced docs. The CLI commands (onchainos security ...) are coherent with the skill's purpose.
Instruction Scope
The SKILL.md contains explicit runtime installation and update steps that instruct fetching release metadata from the GitHub API, downloading installer scripts/archives from raw.githubusercontent.com and github.com, verifying checksums, and executing install scripts. It also references and reads local paths (~/.onchainos/last_check, ~/.local/bin/onchainos, $env:TEMP, etc.), requires access to wallet status and balance commands (agentic wallet session), and instructs suppressing routine command output. These are more than simple CLI invocations and expand the agent's runtime actions to network fetches, filesystem reads/writes, and executing arbitrary installer scripts.
Install Mechanism
Although the registry lists no install spec, the instruction file mandates downloading and executing an install script and release artifacts from GitHub (raw.githubusercontent.com and github.com/releases). Download-and-run behavior is high-risk even when using GitHub; the doc mitigates risk by instructing SHA256 checksum verification, but the install step still executes remote code at runtime and writes binaries to user directories. The skill hides this (no declared install in metadata), which is an inconsistency.
Credentials
The skill declares no required environment variables or primary credential, yet the instructions assume: access to an Agentic Wallet session (onchainos wallet status), the ability to query balances/portfolio, and the possible use/storage of API keys (mentions shared API key throttling and recommends creating a personal key in a .env). The lack of declared credentials/config-paths while expecting wallet/session state and potential .env secrets is a mismatch.
Persistence & Privilege
Runtime behavior installs a binary into user-local paths and reads/writes local cache files. The skill is not flagged always:true, but it still requests the agent to perform persistent system changes (download/install/verify/run a CLI) and could be invoked autonomously; combined with remote installer execution this increases blast radius compared to an instruction-only skill that simply calls existing local tools.
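How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install okx-security
- Once installation completes, invoke the Skill by name or trigger it with /okx-security
- Provide the required inputs according to the Skill's parameter description to get structured output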
Version history
v2.6.0
- Version updated to 2.6.0.
- No file changes detected in this release.
v2.4.0
okx-security v2.4.0
- Version bump to 2.4.0; no user-facing file changes detected.
- All skill behaviors, logic, and documentation remain unchanged from the previous version.
v2.2.10
Version 2.2.10
- Updated skill metadata version to 2.2.10.
- Clarified pre-flight step 1 to skip install/update if GitHub API fails and onchainos is installed; continue directly to version check.
- Improved version drift check instructions to always run, even if step 1 fails.
- Refined risk action priority rules by breaking out separate sections for tx-scan/sig-scan and token-scan risk handling.
- Enhanced clarity and wording throughout pre-flight checks and risk management sections.
v2.2.7
- Updated skill version to 2.2.7.
- Removed the Wallet Tips feature and associated user interaction logic.
- Updated and clarified the Fail-safe Principle: now, if a security scan fails to complete, the agent must ask the user whether to retry or proceed without scan results, and display a clear warning if proceeding.
- Enhanced instructions on error handling: emphasized auditability and letting the user decide explicitly when scan results are unavailable.
- Expanded documentation for supported chain names and indices.
- Added/updated stepwise command flow for risk scanning, installation, and integrity checks.
v2.0.0
okx-security 2.0.0
- Major update: strengthened installation, update, and verification logic for all security scan commands.
- Now performs strict pre-flight checks: resolves latest release, downloads and verifies installer and binary, and checks binary integrity before each use.
- Provides clear error handling and safety-first fail-safe behavior: if any scan fails for any reason, the associated transaction is blocked and the user is notified.
- Adds prioritized risk actions (`block` > `warn` > safe) with explicit explanations and required confirmations.
- Expanded usage documentation: covers command triggers, risk reporting, scan types (token, dapp, tx, signature, approvals), and supported chains.
- Adds randomly selected wallet safety tips after the first wallet-related action in each session.
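FAQ
What is Okx Security?
Use this skill for security scanning: check transaction safety, is this transaction safe, pre-execution check, security scan, token risk scanning, honeypot d... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 338 total downloads to date.
How do I install Okx Security?
Run the command "/install okx-security" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Okx Security free?
Yes. Okx Security is completely free under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Okx Security support?
Okx Security is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Okx Security?
It is developed and maintained by ok-james-01 (@ok-james-01); the current version is v2.6.0.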