ClawHub

Shadow Binance Bot

v1.3.3

Analyze your Binance trade history and portfolio to identify emotional trading patterns and simulate alternative strategies for educational trading insights.

0· 93·0 current·0 all-time
by@acevod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the requested resources: BINANCE_API_KEY and BINANCE_API_SECRET and a Node >=18 runtime. The code calls Binance read-only endpoints (account, myTrades, futures income) and implements analysis and simulation logic. No unrelated credentials, binaries, or platform access are requested.
Instruction Scope
SKILL.md and src/index.cjs instruct the agent to use environment variables (preferred) or a local config.env for development. Runtime behavior is limited to reading Binance data, analyzing it, running local simulations, and printing reports. The code reads config.env only as a local fallback and does not transmit data to third-party endpoints other than Binance.
Install Mechanism
There is no external install/download step in the registry metadata or SKILL.md; the package contains Node.js source files and requires Node >=18. No remote archives, URL downloads, or package installs are executed by an install script in the provided metadata.
Credentials
The required environment variables (BINANCE_API_KEY, BINANCE_API_SECRET, optional SPOT_SYMBOLS) are proportionate and necessary for the stated purpose. The code does not request additional secrets or unrelated environment/config paths. It does read a local config.env fallback for development — which is reasonable but a potential local-storage consideration (see guidance).
Persistence & Privilege
always:false (no forced presence). The skill does not modify other skills or system-wide settings, nor does it write files during normal operation (it reads config.env if present). Agent autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears to do what it says: read your Binance account/trade history and run local simulations and coaching reports. Before enabling it: 1) Use a Binance API key limited to read-only permissions only, and enable IP restrictions if your platform supports it. 2) Prefer injecting keys via platform environment variables rather than creating a config.env file in the repository or workspace (the code will read config.env as a local fallback). 3) Review that your agent platform isolates environment variables from other skills — a read-only key is low-risk, but keep keys private and rotate them if you later stop using the skill. 4) If you want extra assurance, review the full repository files (they are included) or run the skill in Demo Mode (no keys) to confirm behavior. Overall the files are internally consistent with the claimed read-only analysis purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwrk50ghqyn2qym0qew11vd848evc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments