okx-mcp-skill

Overall, the skill is moderately aligned with its stated purpose and demonstrates appropriate auth and guardrails for high-impact actions. The most salient concerns are the presence of a shared demo key in documentation and the lack of explicit binary verification steps for any external tooling. These elevate security considerations beyond benign. The recommended posture is to treat as SUSPICIOUS (leaning toward BENIGN with careful review) and to enforce strict handling of demo credentials and explicit verification of any binaries before use in production. Final assessment: suspicious due to credential disclosure surface and reliance on external tooling without verifiable integrity checks, but not clearly malicious given the described workflow and safeguards.