Skill v0.0.1

ClawScan security

Maxxit 0G Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 6:57 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The code implements the described trading features and calls Maxxit programmatic APIs (so functionality matches the description), but the skill package metadata and runtime instructions disagree about required credentials, binaries, and invocation behavior — those inconsistencies and a few risky maintenance instructions merit caution before installing or giving it API keys.
Guidance
What to check before installing/using this skill:
- Metadata mismatches: SKILL.md and the Python code require MAXXIT_API_KEY and MAXXIT_API_URL, but the registry metadata reports no required env vars and no primary credential; assume the skill needs those secrets. Do not provide your Maxxit API key unless you trust the Maxxit service and this package.
- Verify disableModelInvocation: SKILL.md sets disableModelInvocation: true, but the registry shows false. Ask the publisher which behavior is authoritative (do you want the agent to invoke LLMs and act autonomously, or not?).
- Inspect and run in isolation: the package contains executable strategy scripts that call external APIs and can open/close real positions. Run them in a sandbox or test account (and/or with a limited-permission API key) before using real funds.
- Review the update instruction: SKILL.md tells the agent to run 'npx clawhub@latest install maxxit-0g --force' to update; that action downloads remote code. Only run it if you trust the source, and consider pinning versions or reviewing the package before execution.
- Check file paths and state: the scripts write state/log files; note the hardcoded BASE_DIR (/home/ubuntu/.openclaw/workspace) in one script versus other scripts using the current working directory. Ensure this is acceptable in your environment.
- Confirm endpoints: the MAXXIT_API_URL used by the code should be the official endpoint you trust (https://maxxit.ai is mentioned). Validate the domain independently and avoid using keys with broad permissions.
If you want, I can: (a) list every place in the code that reads/writes files or contacts network endpoints, (b) extract the exact API paths the scripts call, or (c) produce a checklist for safely running these scripts in a test environment.

Review Dimensions

Purpose & Capability: ok
The skill's name/description (trading via Maxxit + 0G) matches the code: strategy scripts fetch Binance klines, compute signals, and call Maxxit programmatic endpoints to read balances/positions and open/close trades. Required runtime data (MAXXIT_API_URL and MAXXIT_API_KEY) and Binance public APIs are coherent with a trading skill.
Instruction Scope: note
SKILL.md contains explicit routing rules and 'never hallucinate' API parameter rules that constrain actions (good). It also instructs using npx clawhub@latest install ... to update the skill (this would download remote code when run). The SKILL.md metadata sets disableModelInvocation: true (agent shouldn't invoke the model for decisions), but the registry-level disable-model-invocation flag is false — a behavioral mismatch that could change how the agent behaves at runtime.
Install Mechanism: note
The package contains Python strategy files (no explicit install spec). The only install/update command documented is an npx clawhub command (pulls code from the network when used). That is a normal update mechanism, but it means an updater/invoker could download and run remote code if they follow the SKILL.md update instruction — a moderate operational risk if you don't trust the source.
Credentials: concern
The SKILL.md and the scripts require MAXXIT_API_KEY and MAXXIT_API_URL (and strategy_common uses MAXXIT_API_KEY as the primary credential), which are appropriate for a programmatic trading integration. However, the skill registry metadata at the top of the report lists 'Required env vars: none' and 'Primary credential: none' (a clear mismatch). Also, SKILL.md lists 'curl' in metadata.bins, but the shipped Python code uses the requests library rather than curl. These metadata mismatches reduce transparency about what secrets you'd need to provide.
Persistence & Privilege: note
The skill does not request always:true (no forced global presence) and does not modify other skills. One noteworthy point: several scripts write state/log files to the OpenClaw workspace; strategy_common uses a hardcoded BASE_DIR = /home/ubuntu/.openclaw/workspace while some scripts use os.getcwd(), so inconsistent paths could cause state/log files to appear in different locations. Also, the SKILL.md's disableModelInvocation true vs registry false is a capability/behavior mismatch to be resolved before trusting autonomous behavior.