Trusted — Risk Score 5/100
Last scan: 20 hr ago
okx-agentic-wallet
OKX Onchain OS Wallet - manages authentication, balance queries, token transfers, transaction history, and smart contract calls
Legitimate OKX wallet management skill with proper binary verification, no credential theft or exfiltration, and well-documented behavior.
Skill Name: okx-agentic-wallet
Duration: 29.7s
Engine: pi
Safe to install
This skill is safe to use. Continue following the documented pre-flight checks for binary verification.
Resource      Declared  Inferred  Status     Evidence
Network       READ      READ      ✓ Aligned  SKILL.md lines 27-67: curl to GitHub API and OKX APIs
Filesystem    WRITE     WRITE     ✓ Aligned  SKILL.md line 41: writes to /tmp, ~/.local/bin
Shell         WRITE     WRITE     ✓ Aligned  SKILL.md: executes onchainos CLI commands throughout
Environment   READ      READ      ✓ Aligned  SKILL.md line 103: checks OKX_API_KEY environment variable
Skill Invoke  READ      READ      ✓ Aligned  SKILL.md: routes to okx-dex-swap, okx-security, etc.
7 findings
Medium, External URL: https://web3.okx.com (SKILL.md:8)
Medium, External URL: https://web3.okx.com/onchain-os/dev-portal (SKILL.md:71)
Medium, External URL: https://web3.okx.com/onchainos/dev-docs/home/api-access-and-usage (SKILL.md:218)
Medium, External URL: https://etherscan.io/tx/0xabc123... (SKILL.md:435)
Medium, Wallet Address (cryptocurrency): 0x3883ec817f2a080cb035b0a38337171586e507be (references/cli-reference.md:234)
Medium, Wallet Address (cryptocurrency): 0x74b7f16337b8972027f6196a17a631ac6de26d22 (references/cli-reference.md:482)
Medium, Wallet Address (cryptocurrency): 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 (references/cli-reference.md:506)

File Tree

2 files · 67.7 KB · 1529 lines
Markdown 2f · 1529L
├─ 📁 references
│ └─ 📝 cli-reference.md Markdown 773L · 25.2 KB
└─ 📝 SKILL.md Markdown 756L · 42.5 KB

Security Positives

✓ Binary downloaded from official GitHub releases with SHA256 checksum verification
✓ Pre-flight checks verify binary integrity before each session
✓ Credentials stored locally only (keyring.json, wallets.json) - no exfiltration
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No base64-encoded execution or obfuscation detected
✓ No iteration through environment variables for credential harvesting
✓ Well-documented command routing and parameter validation
✓ Transaction simulation before broadcast with failure warnings
✓ Sensitive fields (accessToken, refreshToken, apiKey) explicitly protected from exposure