okx-agentic-wallet 安全扫描报告 — 可信 | ClawSafe

5 /100

okx-agentic-wallet

OKX Onchain OS Wallet - manages authentication, balance queries, token transfers, transaction history, and smart contract calls

Legitimate OKX wallet management skill with proper binary verification, no credential theft or exfiltration, and well-documented behavior.

技能名称okx-agentic-wallet

分析耗时29.7s

引擎pi

✓

可以安装

This skill is safe to use. Continue following the documented pre-flight checks for binary verification.

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md lines 27-67: curl to GitHub API and OKX APIs
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md line 41: writes to /tmp, ~/.local/bin
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md: executes onchainos CLI commands throughout
环境变量	`READ`	`READ`	✓ 一致	SKILL.md line 103: checks OKX_API_KEY environment variable
技能调用	`READ`	`READ`	✓ 一致	SKILL.md: routes to okx-dex-swap, okx-security, etc.

7 项发现

🔗

中危外部 URL 外部 URL

https://web3.okx.com

SKILL.md:8

🔗

中危外部 URL 外部 URL

https://web3.okx.com/onchain-os/dev-portal

SKILL.md:71

🔗

中危外部 URL 外部 URL

https://web3.okx.com/onchainos/dev-docs/home/api-access-and-usage

SKILL.md:218

🔗

中危外部 URL 外部 URL

https://etherscan.io/tx/0xabc123...

SKILL.md:435

💰

中危钱包地址加密货币钱包地址

0x3883ec817f2a080cb035b0a38337171586e507be

references/cli-reference.md:234

💰

中危钱包地址加密货币钱包地址

0x74b7f16337b8972027f6196a17a631ac6de26d22

references/cli-reference.md:482

💰

中危钱包地址加密货币钱包地址

0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48

references/cli-reference.md:506

目录结构

2 文件 · 67.7 KB · 1529 行

Markdown 2f · 1529L

├─ ▾ 📁 references

│ └─ 📝 cli-reference.md Markdown 773L · 25.2 KB

└─ 📝 SKILL.md Markdown 756L · 42.5 KB

安全亮点

✓ Binary downloaded from official GitHub releases with SHA256 checksum verification

✓ Pre-flight checks verify binary integrity before each session

✓ Credentials stored locally only (keyring.json, wallets.json) - no exfiltration

✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths

✓ No base64-encoded execution or obfuscation detected

✓ No iteration through environment variables for credential harvesting

✓ Well-documented command routing and parameter validation

✓ Transaction simulation before broadcast with failure warnings

✓ Sensitive fields (accessToken, refreshToken, apiKey) explicitly protected from exposure