OKX Security

Name: OKX Security
Author: ok-james-01

Exchanges by @ok-james-01 v2.0.0 3 flags

Use this skill for security scanning: check transaction safety, is this transaction safe, pre-execution check, security scan, token risk scanning, honeypot detection, DApp/URL phishing detection, message signature safety, malicious transaction detection, approval safety checks, token approval management. Triggers: 'is this token safe', 'check token security', 'honeypot check', 'scan this tx', 'scan this swap tx', 'tx risk check', 'is this URL a scam', 'check if this dapp is safe', 'phishing site check', 'is this signature safe', 'check this signing request', 'check my approvals', 'show risky approvals', 'revoke approval', 'check if this approve is safe', token authorization, ERC20 allowance, Permit2. Covers token-scan, dapp-scan, tx-scan (EVM+Solana pre-execution), sig-scan (EIP-712/personal_sign), approvals (ERC-20/Permit2). Chinese: 安全扫描, 代币安全, 蜜罐检测, 貔貅盘, 钓鱼网站, 交易安全, 签名安全, 代币风险, 授权管理, 授权查询, 风险授权, 代币授权. Do NOT use for wallet balance/send/history — use okx-agentic-wallet.

Install

$ cp -r cryptoskill/skills/exchanges/okx-security .claude/skills/

$ clawhub install okx-security

Trust profile trust grade not computed yet

3 red flags 7 cleared 1 not measured

Capabilities below are detected automatically by an open-source scanner that reads the skill's text and scripts (see how this is computed). Not measured means the scanner couldn't make a confident call — it is NOT a green check, and you should treat it as a possible red flag until a human or a stronger scanner has measured it.

3 Red flags things this skill can do that affect your security or funds

⚠
Requires private key you must hand over a private key, mnemonic, or wallet config
⚠
Requires hosted operator depends on a third-party hosted service to function
⚠
Can execute shell runs arbitrary shell commands on your machine

7 Cleared by scanner we scanned the skill's text & scripts and found no evidence of these

✓
Can move funds this skill can sign and send transactions on your behalf
✓
Uses remote install script setup pipes a remote shell script (curl | sh class)
✓
Mutable remote runtime runs remote code that can change behavior without a local diff
✓
Can install code installs software at setup time (npx, pip, brew, etc.)
✓
Can browse the web fetches arbitrary URLs at runtime
✓
Can write files writes to your local filesystem
✓
Can spawn sub-agents delegates to other skills or sub-agents

1 Not measured yet scanner couldn't make a confident call — treat as a possible red flag

?
Auto-invocable may be invoked by the agent without your explicit prompt

Execution mode

analysis_only Phase 1 single-mode classification — multi-mode breakdown deferred to Phase 2.

Ingredients (services this skill talks to)

External services this skill needs in order to work. The skill's behavior depends on these services being up, honest, and unchanged. Today we only show services we recognize from a curated list of ~50 well-known hosts (exchanges, RPC providers, data APIs); a complete dependency list — including every package, library, and binary the skill installs or imports — is on the roadmap.

service okx.com

Audits

No one has audited this skill yet. That is different from “audited and clean” — it just means no professional reviewer (a security firm, the CryptoSkill team, or a verified independent researcher) has signed off on it. There are no audit reports to read. How reviewer levels work →

SKILL.md → SOURCE.md → TRUST.auto.yaml → Browse directory →

Auto-generated by cryptoskill/extract-capabilities/0.3.0 · hosted-service list version 2026-04-26 · how this is computed

Source

View on GitHub →