Nansen Binance Publisher

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent, but it can use your Binance posting key to publish public posts automatically, including a silent cron mode without per-post confirmation.

Install only if you are comfortable giving an agent a Binance Square publishing credential. Prefer the approval-based `/nansen` workflow, avoid `/nansen_auto` or cron until you have reviewed the schedule and stop procedure, verify the `nansen-cli` npm package, and keep API keys scoped, rotated, and revocable.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could publish unwanted, inaccurate, or reputationally harmful posts if auto mode is invoked or scheduled.

Why it was flagged

This documents a high-impact workflow that publishes to a public Binance Square account without per-post user confirmation.

Skill content

`/nansen_auto` | **Silent Mode**. Fetches, writes, and posts **WITHOUT asking for confirmation**. (Perfect for Cron jobs).

Recommendation

Use the approval-based `/nansen` flow by default. Require explicit confirmation for every public post unless the user has separately configured a clearly bounded schedule with logging and an easy disable path.

What this means

After setup, the skill may keep posting daily as long as the machine is running, even if the user forgets it is active.

Why it was flagged

The README recommends a persistent cron job that runs the agent daily with loaded credentials and the no-confirmation auto-post command.

Skill content

`0 8 * * * source ~/.my_secure_keys && trae-agent run "nansen-binance-publisher" --command "/nansen_auto"`

Recommendation

Document how to disable the cron job, rotate/revoke keys, review logs, and pause posting. Prefer a draft-and-approve schedule rather than silent publication.

What this means

Anyone or anything that can trigger the skill in auto mode may be able to post through the user's Binance Square creator account.

Why it was flagged

The skill requires a delegated Binance Square publishing credential, which is expected for the purpose but high-impact when paired with unattended posting.

Skill content

**Binance Square OpenAPI Key (For Auto-Posting)** ... copy your publish key.

Recommendation

Use the least-privileged publish-only key available, avoid pasting keys into chat history, rotate keys regularly, and revoke the key if automation is no longer needed.

What this means

Installing the wrong or compromised npm package could affect the local environment.

Why it was flagged

The skill relies on an external npm CLI installed globally without a pinned version. It asks for approval, and this is central to the stated purpose, but provenance and version should still be checked.

Skill content

dependencies:
  - nansen-cli (npm)
...
ONLY run `npm install -g nansen-cli` AFTER the user approves.

Recommendation

Verify the official `nansen-cli` package source, prefer a pinned version or local install where possible, and approve the install only if you trust the package.

What this means

Users may be steered toward referral or promotional links rather than independently choosing where to register.

Why it was flagged

The skill instructs the agent to promote specific registration links. This is disclosed, but it may bias account setup recommendations.

Skill content

the Agent MUST suggest registering via this link for a 10% discount and NXP Bonus ... `https://nsn.ai/7LOuQVx1Jvh`

Recommendation

Treat the links as promotional, verify them independently, and disclose any referral relationship clearly.