
Okx Security
Run Onchain OS security commands to scan tokens, DApps, transactions, signatures, and token approvals before a solo builder signs or ships Web3 features.
Overview
Okx-security is an agent skill most often used in Ship (also Validate) that runs Onchain OS scans for tokens, DApps, transactions, signatures, and approvals before you sign or ship Web3 actions.
Install
npx skills add https://github.com/okx/onchainos-skills --skill okx-security
What is this skill?
- Five command areas: token-scan, dapp-scan, tx-scan (EVM + Solana pre-execution), sig-scan (EIP-712 / personal_sign), and
- Triggers cover honeypot detection, phishing URLs, malicious transactions, and risky allowance review
- Explicit boundary: use for security scanning—not wallet balance, send, or history (okx-agentic-wallet)
- Pre-flight flow before every `onchainos` command with brief user-facing status on install/update only
- MIT-licensed Onchain OS skill v1.1.0 oriented to agent-driven Web3 safety checks
- Covers 5 security command areas: token-scan, dapp-scan, tx-scan, sig-scan, and approvals
- Tx-scan supports EVM and Solana pre-execution; sig-scan covers EIP-712 and personal_sign
Adoption & trust: 4.6k installs on skills.sh; 284 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to approve, sign, or swap on-chain but cannot quickly tell if the token, URL, transaction, or signature request is a honeypot, phishing trap, or malicious payload.
Who is it for?
Indie Web3 builders using agentic wallets or swap UIs who want pre-execution checks and approval hygiene across EVM and Solana.
Skip if: Portfolio balance queries, sends, or transaction history—use okx-agentic-wallet instead; also not a substitute for legal compliance review or manual code audit of custom contracts.
When should I use this skill?
Triggers such as is this token safe, honeypot check, scan this tx, phishing site check, is this signature safe, check my approvals, revoke approval, or Chinese 安全扫描 / 代币授权 variants—before signing or swapping; not for wal
What do I get? / Deliverables
You run the matching Onchain OS security command, get structured risk signal on tokens, DApps, txs, signatures, or approvals, and defer wallet money movement to okx-agentic-wallet.
- Token risk scan result
- DApp/URL phishing assessment
- Pre-execution tx risk report
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Pre-execution tx checks, phishing detection, and approval hygiene are safety gates before users touch mainnet—canonical shelf is Ship/security. All five command families are defensive scanning and approval management, not wallet send/balance flows.
Where it fits
Token-scan a memecoin before committing it to a landing-page or swap prototype.
Tx-scan an EVM or Solana swap immediately before the user confirms in wallet.
Dapp-scan a novel URL when the agent opens a new DeFi frontend.
Approvals pass to list and prioritize risky ERC-20 or Permit2 allowances before launch.
Re-run approval checks after a contract upgrade changes spender addresses.
How it compares
Security-scanning skill for Onchain OS commands, not the okx-agentic-wallet skill for balances and transfers.
Common Questions / FAQ
Who is okx-security for?
Solo builders shipping crypto features or using AI agents to interact with DApps who need token, URL, tx, signature, and approval risk checks through OKX Onchain OS.
When should I use okx-security?
In Ship/security before users sign mainnet transactions; in Validate/scope when vetting tokens or DApps for a prototype; whenever triggers like honeypot check, scan this swap tx, or show risky approvals appear.
Is okx-security safe to install?
It drives third-party onchain scanning via network APIs—review the Security Audits panel on this page, verify Onchain OS install sources, and never paste private keys into chat while scanning.
SKILL.md
# Onchain OS Security

5 commands for token risk analysis, DApp phishing detection, transaction pre-execution security, signature safety, and approval management.

## Pre-flight Checks

Every time before running any `onchainos` command, always follow these steps in order. Do not echo routine command output to the user; only provide a brief status update when installing, updating, or handling a failure.

1. **Resolve latest stable version**: Fetch the latest stable release tag from the GitHub API:
   ```
   curl -sSL "https://api.github.com/repos/okx/onchainos-skills/releases/latest"
   ```
   Extract the `tag_name` field (e.g., `v1.0.5`) into `LATEST_TAG`.
   If the API call fails and `onchainos` is already installed locally, skip steps 2-3 and continue with step 4 (the user may be offline or rate-limited; a stale binary is better than blocking). If `onchainos` is **not** installed, **stop** and tell the user to check their network connection or install manually from https://github.com/okx/onchainos-skills.

2. **Install or update**: If `onchainos` is not found, or if the cache at `~/.onchainos/last_check` (`$env:USERPROFILE\.onchainos\last_check` on Windows) is older than 12 hours:
   - Download the installer and its checksum file from the latest release tag:
     - **macOS/Linux**:
       `curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" -o /tmp/onchainos-install.sh`
       `curl -sSL "https://github.com/okx/onchainos-skills/releases/download/${LATEST_TAG}/installer-checksums.txt" -o /tmp/installer-checksums.txt`
     - **Windows**:
       `Invoke-WebRequest -Uri "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.ps1" -OutFile "$env:TEMP\onchainos-install.ps1"`
       `Invoke-WebRequest -Uri "https://github.com/okx/onchainos-skills/releases/download/${LATEST_TAG}/installer-checksums.txt" -OutFile "$env:TEMP\installer-checksums.txt"`
   - Verify the installer's SHA256 against `installer-checksums.txt`. On mismatch, **stop** and warn — the installer may have been tampered with.
   - Execute: `sh /tmp/onchainos-install.sh` (or `& "$env:TEMP\onchainos-install.ps1"` on Windows). The installer handles version comparison internally and only downloads the binary if needed.
   - On other failures, point to https://github.com/okx/onchainos-skills.

3. **Verify binary integrity** (once per session): Run `onchainos --version` to get the installed version (e.g., `1.0.5` or `2.0.0-beta.0`). Construct the installed tag as `v<version>`.
   Download `checksums.txt` for the **installed version's tag** (not necessarily LATEST_TAG):
   `curl -sSL "https://github.com/okx/onchainos-skills/releases/download/v<version>/checksums.txt" -o /tmp/onchainos-checksums.txt`
   Look up the platform target and compare the installed binary's SHA256 against the checksum.
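
The checksum gate from steps 2 and 3, as an added example (not code from the onchainos-skills project). It assumes `installer-checksums.txt` and `checksums.txt` use the `sha256sum` line layout keyed by file name, which the page does not state; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. Assumption: checksum files use the
# `sha256sum` layout "<64 hex chars>  <name>", one entry per line.

# Portable SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE CHECKSUMS ENTRY  (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 when ENTRY is missing, duplicated,
# or its digest is malformed. Anything but 0 must block execution.
verify_sha256() {
    file=$1; sums=$2; entry=$3
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    # Exact match on the name field; strip the optional "*" binary marker.
    expected=$(awk -v n="$entry" '
        { f = $2; sub(/^\*/, "", f); if (f == n) print tolower($1) }' "$sums")
    # Duplicates leave a newline in $expected, which fails the hex test.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] || return 1
}

# run_if_verified FILE CHECKSUMS ENTRY  (hypothetical helper)
# Executes FILE with sh only after the digest matches; otherwise stops.
run_if_verified() {
    if verify_sha256 "$1" "$2" "$3"; then
        sh "$1"
    else
        rc=$?
        echo "SHA256 check failed for $3 (code $rc); not executing" >&2
        return "$rc"
    fi
}
```

A checksum file served from the same release as the installer detects corruption or a swapped asset, but it does not authenticate the publisher.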