Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Maxxit Lazy Trader
v1.2.20 · Execute perpetual trades on Ostium, Aster, and Avantis via Maxxit's Lazy Trading API, and trade Indian stocks through Zerodha Kite. Includes programmatic end...
⭐ 2 · 2.4k · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Description and SKILL.md claim Maxxit Lazy Trading and also trading Indian stocks via Zerodha Kite, but none of the shipped code references Zerodha APIs or requests Zerodha credentials. Registry metadata (top-level summary) lists no required env vars, while SKILL.md and the code require MAXXIT_API_KEY and MAXXIT_API_URL. SKILL.md metadata also declares the 'curl' binary but the Python scripts use the 'requests' library. These mismatches suggest the manifest and description are out of sync with the implementation.
Instruction Scope
SKILL.md instructs the agent to call Maxxit programmatic endpoints and never to hallucinate API parameters, which is appropriate for a trading skill. The scripts fetch public Binance klines and call Maxxit endpoints (user-details, balance, positions, open/close-position). They read and write state and logs inside workspace paths. However, SKILL.md sets disableModelInvocation: true (preventing autonomous invocation) while the registry-level flags show model invocation allowed by default; the two settings contradict each other. The skill's instructions and routing rules are strict about venues and parameter sourcing, which is good, but the manifest contradictions leave it ambiguous how the agent will actually behave at runtime.
Install Mechanism
This is an instruction-only skill (no install spec). The distributed package contains Python scripts and a README; nothing in the manifest downloads remote archives or runs installers, which is the lower-risk install model. The only external command SKILL.md references is npx clawhub for updates, a benign CLI instruction.
Credentials
The primary credentials requested by SKILL.md and used across the code, MAXXIT_API_KEY and MAXXIT_API_URL, are reasonable for a Maxxit trading integration. But the description's mention of Zerodha Kite (and Indian stocks) without asking for any Zerodha credentials is inconsistent and unexplained. The top-level registry summary also omits the MAXXIT env requirements that SKILL.md declares, which could lead users to install without supplying the necessary secrets. Several files use differing BASE_DIR conventions (some use os.getcwd(), strategy_common uses a hard-coded '/home/ubuntu/.openclaw/workspace'), so state and log files may be written to unexpected locations.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to alter other skills. It writes per-strategy state and log files in workspace directories (normal for long-running trading scripts). The SKILL.md's disableModelInvocation flag (true) conflicts with registry defaults; if the skill is allowed to be invoked autonomously while it contains trading-execution code, that increases risk — consider restricting autonomous invocation or requiring explicit user confirmation before any trade-executing call.
What to consider before installing
Do not install or supply your MAXXIT_API_KEY until you clarify a few things with the skill author:
1. Confirm whether Zerodha/Kite support is implemented; if it is, ask which environment variables and credentials are required.
2. Ask why the registry metadata omits the MAXXIT env vars and why SKILL.md lists 'curl' even though the code uses Python requests.
3. Request a short security/readme note explaining where state/log files are written (strategy_common uses a hard-coded '/home/ubuntu/.openclaw/workspace').
4. Run the scripts in a sandboxed workspace with a test API key or testnet account first; do not use real funds until you verify behavior.
5. If you want to limit blast radius, disable autonomous invocation or ensure the agent requires explicit user confirmation before any call that opens or closes positions.
6. Note there are small implementation issues (e.g., some scripts reference requests but are missing imports, or use inconsistent BASE_DIRs); ask the maintainer for a patch or run a code review locally before trusting it with real credentials or funds.
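The local code review suggested above can be partly automated. The script below is an added example, not ClawHub's scanner and not the skill's own code: it checks a skill package for the three inconsistency classes the scan reports (env vars read by the code but not declared in SKILL.md, hard-coded home-directory paths, and module names such as requests used without an import). The SKILL.md and script texts are constructed samples, and the frontmatter layout with an `env:` list is an assumption about the manifest format, not ClawHub's documented schema.

```python
"""Static pre-install audit for an agent skill (added example, not ClawHub's scanner)."""
import ast
import builtins
import re

# Constructed SKILL.md sample. The `env:` frontmatter key is an assumed layout.
SAMPLE_SKILL_MD = """---
name: example-trader
env:
  - MAXXIT_API_KEY
---
Call the programmatic endpoints; never hallucinate parameters.
"""

# Constructed script sample reproducing the defect classes named in the scan:
# an undeclared env var, a hard-coded workspace path, and `requests` used without import.
SAMPLE_SCRIPT = '''
import os
import json

BASE_DIR = "/home/ubuntu/.openclaw/workspace"
API_KEY = os.environ["MAXXIT_API_KEY"]
API_URL = os.getenv("MAXXIT_API_URL", "https://example.invalid")

def balance():
    r = requests.get(API_URL + "/balance", headers={"X-Key": API_KEY})
    return json.loads(r.text)
'''

ENV_DECL_RE = re.compile(r"^\s*-\s*([A-Z][A-Z0-9_]+)\s*$", re.M)
ABS_PATH_RE = re.compile(r"/(?:home|root|Users)/[^\s'\"]+")


def _is_attr(node, base: str, attr: str) -> bool:
    """True when `node` is the expression `<base>.<attr>` (e.g. os.environ)."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == base)


def declared_env(skill_md: str) -> set[str]:
    """Env var names listed in the (assumed) YAML frontmatter of SKILL.md."""
    m = re.match(r"---\n(.*?)\n---", skill_md, re.S)
    return set(ENV_DECL_RE.findall(m.group(1))) if m else set()


def used_env(src: str) -> set[str]:
    """Env var names read via os.environ[...], os.environ.get(...) or os.getenv(...)."""
    names: set[str] = set()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Subscript) and _is_attr(node.value, "os", "environ"):
            if isinstance(node.slice, ast.Constant) and isinstance(node.slice.value, str):
                names.add(node.slice.value)
        elif isinstance(node, ast.Call) and node.args:
            f = node.func
            hit = (isinstance(f, ast.Attribute) and f.attr == "get"
                   and _is_attr(f.value, "os", "environ")) or _is_attr(f, "os", "getenv")
            if hit and isinstance(node.args[0], ast.Constant) and isinstance(node.args[0].value, str):
                names.add(node.args[0].value)
    return names


def undefined_names(src: str) -> set[str]:
    """Names that are loaded but never imported, assigned, or defined (e.g. a missing import)."""
    defined = set(dir(builtins))
    loaded: set[str] = set()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for a in node.names:
                defined.add((a.asname or a.name).split(".")[0])
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            defined.add(node.name)
        elif isinstance(node, ast.arg):
            defined.add(node.arg)
        elif isinstance(node, ast.Name):
            (defined if isinstance(node.ctx, ast.Store) else loaded).add(node.id)
    return loaded - defined


def hardcoded_paths(src: str) -> list[str]:
    """Absolute home-directory paths baked into the source (state/logs may land elsewhere)."""
    return ABS_PATH_RE.findall(src)


def audit(skill_md: str, scripts: dict[str, str]) -> dict[str, object]:
    """Compare what SKILL.md declares with what the shipped scripts actually do."""
    declared = declared_env(skill_md)
    used = set().union(*(used_env(s) for s in scripts.values()))
    return {
        "env_used_not_declared": sorted(used - declared),
        "env_declared_not_used": sorted(declared - used),
        "hardcoded_paths": {n: hardcoded_paths(s) for n, s in scripts.items() if hardcoded_paths(s)},
        "undefined_names": {n: sorted(undefined_names(s)) for n, s in scripts.items() if undefined_names(s)},
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SKILL_MD, {"strategy_common.py": SAMPLE_SCRIPT}).items():
        print(f"{key}: {value}")
```

Run it against a real package by reading SKILL.md and every .py file into the `scripts` dict; a non-empty `env_used_not_declared` or `undefined_names` result is exactly the kind of manifest/implementation drift that should stop you from handing the skill a live API key.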
latest: vk97f76tavx1mq662b7242c1kk5836s69
