Is esojourn/okx-trader safe?

https://github.com/openclaw/skills/tree/main/skills/esojourn/okx-trader

87
SAFE

This OKX trading skill appears to be a legitimate automated trading bot with appropriate safety measures and risk warnings. While it executes financial operations with inherent risks, the code follows expected patterns for cryptocurrency trading applications without malicious behavior.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Executable Financial Trading Code -30

The skill contains Node.js scripts that execute automated trading operations on the OKX exchange, including placing and canceling orders and managing financial positions. While the code appears legitimate, it operates with significant permissions and financial implications.

LOW API Credentials Dependency -15

The skill requires OKX API credentials, including keys and a passphrase, which could be exposed if configuration files are compromised. However, access is limited to the designated config directory.

INFO Appropriate Risk Warnings 0

The skill includes comprehensive risk warnings about cryptocurrency trading and recommends safety measures like simulation mode and disabling withdrawal permissions.