OKX-aggregated DeFi product discovery and execution — for users who want OKX to find and route to the best protocol, WITHOUT naming a specific DApp. **If the...
Security Analysis
high confidenceThe skill's requests and instructions are coherent with its stated purpose (OKX-aggregated DeFi discovery and calldata generation) and it does not ask for unrelated credentials or install arbitrary code.
Name/description match the runtime instructions: SKILL.md documents searching DeFi products, preparing deposits, generating calldata, and delegating broadcast/signing to other OKX skills. There are no unrelated required binaries, env vars, or config paths.
Instructions are focused on parsing the user's prompt for DApp names, calling the listed 'defi' CLI actions (search, prepare, deposit/withdraw/collect, etc.), and routing to the appropriate OKX skills. The skill does not instruct the agent to read local files, secrets, or exfiltrate data. It explicitly delegates signing/broadcasting to other skills (okx-onchain-gateway / okx-agentic-wallet).
No install spec and no code files — instruction-only skill. Nothing will be downloaded or written to disk by this skill itself.
The skill declares no required env vars or credentials, which is proportionate. However, it relies on other agent skills (okx-agentic-wallet, okx-onchain-gateway) for signing and broadcasting; those other skills will need credentials/keys. Confirm you trust those skills and understand what credentials they require before enabling agent-initiated flows.
always is false and the skill does not request system-wide config or persistent privileges. Autonomous invocation is allowed (platform default) but is not combined with elevated persistence or hidden config changes.
Guidance
This skill appears to do what it says: discover aggregated DeFi products and generate the calldata needed to invest. Before installing, verify you trust the OKX ecosystem skills this one defers to (okx-agentic-wallet, okx-onchain-gateway), because those will handle signing/broadcasting and therefore need access to wallet keys. Never paste private keys into chat; prefer a hardware or dedicated signing service. When executing deposits/approvals, always review generated calldata and the destination contract address (malicious or mistaken approvals can allow token drain). Test with a small amount first and confirm you understand the routing rule: if the user names a specific DApp/protocol, this skill will NOT execute and will reroute to the DApp-specific skill.
Latest Release
v2.6.0
Version 2.6.0 summary: Adds strict routing logic to redirect DApp-specific requests to the correct skill. - Introduces mandatory Step 0: checks every user prompt for named DeFi DApps/protocols or native tokens and routes such requests to okx-dapp-discovery instead of this skill. - Significantly updates the description and skill scope to clarify that this skill is only for OKX-aggregated, DApp-agnostic DeFi investing. - Provides a comprehensive, explicit list of DApp names and protocol-native tokens that trigger re-routing. - Adds user prompt examples for correct and incorrect usage. - No code or CLI changes; documentation logic and flow updated for improved intent routing.
More by @ok-james-01
Published by @ok-james-01 on ClawHub
