Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Binance Event Contract Skill System

v1.0.0

Continuously fetch and verify live Binance BTCUSDT and ETHUSDT Event Contract data every minute, providing accurate K-line, liquidity, and market info for tr...

0· 104·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The skill claims only to fetch Binance market data (BTCUSDT/ETHUSDT) which normally needs no credentials, so the lack of declared env vars/binaries is plausible. However, companion components (risk manager, reporter, executor) describe monitoring account exposure, cumulative P&L, and pushing alerts to Feishu — capabilities that require additional inputs (account state or Feishu credentials) which are not declared anywhere. That gap makes the overall capability claims incoherent.
Instruction Scope (flagged)
The SKILL.md repeatedly instructs the agent to auto-start a cron-like task on agent startup and run every minute, fetch and cache data, sync data to related skills, and push alerts (explicitly Feishu). There are no instructions describing how to obtain or protect credentials, where Feishu pushes are addressed (no endpoint or token declared), or how 'sync to related Skills' is scoped — this gives the agent broad autonomous network and data-synchronization responsibilities without boundaries.
Install Mechanism
This is instruction-only with no install spec or code files, so nothing is written to disk by the skill itself. That lowers installation risk. The embedded 'npx clawhub@latest install ...' lines are just suggested commands, not an install manifest in the registry — there is no install-time code to evaluate.
Credentials (flagged)
No environment variables or credentials are declared, yet the docs expect Feishu pushes and account/capital/exposure monitoring. Monitoring open positions or pushing to Feishu normally requires Binance account/API credentials and a Feishu webhook/API token respectively. The absence of declared required secrets is a mismatch and could mean the skill expects the agent to access unspecified credentials or to receive them ad-hoc — a security risk.
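The gap the Purpose & Capability and Credentials findings describe, capabilities written up in the SKILL.md prose with nothing declared to back them, can be checked mechanically before the skill ever runs. The Python below is an added example written for this page; it is not the skill's code and not the ClawHub scanner. It assumes a SKILL.md that opens with a YAML-style frontmatter carrying `requires.env` (the page names that field; the surrounding layout, the env-var names FEISHU_*, BINANCE_API_KEY and BINANCE_API_SECRET, and the keyword patterns are illustrative choices), and both sample skill files are constructed for the example.

```python
import re

# Capabilities a SKILL.md body may describe, the pattern that detects that
# description, and the env-var name pattern that would show the capability
# was declared. Names are assumptions for this example, not ClawHub's schema.
CAPABILITIES = {
    "Feishu push": (r"\bfeishu\b|\bwebhook\b", r"^FEISHU_"),
    "account monitoring": (r"\baccount\b|\bexposure\b|\bP&L\b|\bopen positions?\b",
                           r"^BINANCE_(API_KEY|API_SECRET|SECRET)$"),
}
STARTUP = re.compile(r"auto-?start|on (agent )?startup", re.I)
PERIODIC = re.compile(r"\bevery (minute|\d+\s*(s|sec|seconds?|m|min|minutes?))\b", re.I)


def split_frontmatter(text):
    """Return (frontmatter, body); frontmatter is '' when the file has none."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    return (m.group(1), m.group(2)) if m else ("", text)


def declared_env(frontmatter):
    """Collect the names listed under `env:` (inline `[A, B]`, `[]`, or `- A` items)."""
    names, env_indent = [], None
    for line in frontmatter.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if env_indent is not None:
            if stripped.startswith("- ") and indent > env_indent:
                names.append(stripped[2:].strip())
                continue
            if stripped:            # first non-item line closes the list
                env_indent = None
        if stripped.startswith("env:"):
            inline = re.match(r"env:\s*\[(.*)\]", stripped)
            if inline:              # env: [] or env: [A, B]
                return [n.strip() for n in inline.group(1).split(",") if n.strip()]
            env_indent = indent
    return names


def audit(skill_md):
    """One finding per capability described in the body but not declared, plus
    a finding when the prose asks for an auto-started per-minute loop."""
    frontmatter, body = split_frontmatter(skill_md)
    env = declared_env(frontmatter)
    findings = []
    for cap, (mention, needed) in CAPABILITIES.items():
        if re.search(mention, body, re.I) and not any(re.match(needed, n) for n in env):
            findings.append(f"{cap}: described in SKILL.md but no matching env var "
                            f"is declared (declared: {env or 'none'})")
    if STARTUP.search(body) and PERIODIC.search(body):
        findings.append("autonomous polling: auto-start at agent startup "
                        "combined with a per-minute loop")
    return findings


# Constructed sample resembling the flagged skill: nothing declared, much promised.
SUSPICIOUS_SKILL = """---
name: binance-event-contract
version: 1.0.0
always: false
requires:
  env: []
---
Auto-start this task on agent startup and run it every minute.
Fetch BTCUSDT/ETHUSDT K-line data and sync to related skills.
The risk manager tracks account exposure and daily P&L.
The reporter pushes alerts to Feishu.
"""

# Constructed sample whose declarations match what the prose describes.
HONEST_SKILL = """---
name: public-klines
requires:
  env:
    - FEISHU_WEBHOOK_URL
    - BINANCE_API_KEY
    - BINANCE_API_SECRET
---
Fetch klines, then push alerts to Feishu and report account exposure.
"""

if __name__ == "__main__":
    for name, text in (("suspicious", SUSPICIOUS_SKILL), ("honest", HONEST_SKILL)):
        print(name, audit(text) or ["no findings"])
```

The check is deliberately one-directional: a declared variable that the prose never mentions is not a finding, while any described capability without a backing declaration is. That mirrors the reviewer's position above that undeclared inputs, not extra ones, are what make the capability claims incoherent.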
Persistence & Privilege
always:false and autonomous invocation are normal. However, the skill instructs auto-start at Agent startup and to run continuously every minute 24/7. Continuous autonomous network access increases risk surface (exfiltration, data leakage) if the agent is later granted credentials or if the 'sync' targets are misconfigured. The skill does not request elevated platform privileges or claim to modify other skills' configs.
What to consider before installing
This package is coherent about fetching Binance public market data, but multiple parts of the design assume capabilities that are not declared: (1) the reporter promises Feishu push alerts but no Feishu/webhook credentials are requested or described; (2) the risk manager claims to track account exposure and daily P&L but no account/API credentials or data sources are declared; and (3) the skill auto-runs every minute after agent startup and will repeatedly access network endpoints and sync data to other skills.

Before installing or enabling this skill, consider the following:

- Do not provide your Binance trading API keys or other sensitive credentials to the agent unless you explicitly trust the skill and understand where and how those keys will be stored and used. The SKILL.md forbids trading and storing user account privacy data, but the skill also expects account-level monitoring without declaring how it obtains that information.
- Ask the author for (or require) explicit declarations of every external integration: the Feishu webhook URL/token, any monitoring/account connectors, and the exact endpoints behind 'sync to related Skills'. If Feishu or other notification credentials are needed, they should be listed in requires.env together with a description of how they are protected.
- If you will not supply account data, verify that the skill can operate in a read-only, public-data-only mode, i.e. that it never attempts to query private account endpoints.
- Because the skill auto-runs every minute, consider disabling autonomous invocation, or enabling it only in a controlled environment until you have confirmed its behaviour. Continuous network polling increases the blast radius if credentials are misconfigured or leaked.
- If you plan to rely on its risk manager or execution logging for real-money decisions, require clear answers on where 'capital' and execution logs come from and how they are stored; otherwise those features are effectively placeholders and could lead to incorrect risk enforcement.
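One concrete way to enforce the read-only, public-data-only mode recommended above is to put an egress allowlist between the agent and the network and fail closed on anything that is not a public Binance market-data GET. The Python below is an added example written for this page, not code from the skill or from ClawHub. The route list, the declared symbol set and the sample request log are assumptions constructed for illustration: the spot routes listed are Binance's public REST market-data endpoints, the Event Contract feed the skill actually polls is not covered and would need its own vetted entries, and the Feishu hook URL is a placeholder.

```python
from urllib.parse import parse_qs, urlsplit

# Public, unauthenticated Binance spot market-data routes. Assumption for the
# example: the skill's "Event Contract" feed is not in this set.
PUBLIC_ROUTES = {
    ("api.binance.com", "/api/v3/klines"),
    ("api.binance.com", "/api/v3/depth"),
    ("api.binance.com", "/api/v3/ticker/24hr"),
    ("api.binance.com", "/api/v3/ticker/price"),
    ("api.binance.com", "/api/v3/exchangeInfo"),
}
DECLARED_SYMBOLS = {"BTCUSDT", "ETHUSDT"}   # the pairs the skill says it handles


def check_request(method, url, headers=None):
    """Decide whether one outbound request fits a public-data-only skill.

    Returns (allowed, reason). Anything not positively recognised as a
    plain GET to an allowlisted route is denied, so a Feishu webhook, a
    signed account call or an unexpected host all fail closed.
    """
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path
    if parts.scheme != "https":
        return False, "only https is permitted"
    if method.upper() != "GET":
        return False, f"{method.upper()} is not a read-only request"
    if "x-mbx-apikey" in headers:             # Binance's API-key header
        return False, "request carries a Binance API key"
    if (host, path) not in PUBLIC_ROUTES:
        return False, f"{host}{path} is not an allowlisted public market-data route"
    query = parse_qs(parts.query)
    if "signature" in query or "timestamp" in query:
        return False, "signed-request parameters present on a public route"
    symbol = query.get("symbol", [""])[0].upper()
    if symbol and symbol not in DECLARED_SYMBOLS:
        return False, f"symbol {symbol} is outside the declared pairs"
    return True, "public market data"


def denied(requests):
    """Reduce a captured list of (method, url, headers) to the rejected ones."""
    out = []
    for method, url, headers in requests:
        ok, reason = check_request(method, url, headers)
        if not ok:
            out.append((url, reason))
    return out


# Constructed sample of what a per-minute poller plus the undeclared reporter
# and risk-manager components might emit (not captured from the skill).
SAMPLE_REQUESTS = [
    ("GET", "https://api.binance.com/api/v3/klines?symbol=BTCUSDT&interval=1m&limit=100", {}),
    ("GET", "https://api.binance.com/api/v3/depth?symbol=ETHUSDT&limit=50", {}),
    ("GET", "https://api.binance.com/api/v3/account?timestamp=1700000000000&signature=deadbeef",
     {"X-MBX-APIKEY": "not-a-real-key"}),
    ("POST", "https://open.feishu.cn/open-apis/bot/v2/hook/example-token", {}),
    ("GET", "https://fapi.binance.com/fapi/v2/positionRisk?symbol=BTCUSDT", {}),
    ("GET", "https://api.binance.com/api/v3/klines?symbol=DOGEUSDT&interval=1m", {}),
]

if __name__ == "__main__":
    for url, reason in denied(SAMPLE_REQUESTS):
        print(f"DENY {url}\n     {reason}")
```

Run against the sample log, the two K-line and depth requests pass and the other four are refused, each with a reason that maps directly onto one of the undeclared capabilities (account credentials, Feishu push, futures position data, a symbol outside the declared pairs). Wiring this into whatever proxy or tool-call hook the agent runtime offers is deployment-specific and not shown.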
Given the mismatches between declared requirements and runtime expectations, treat this skill as untrusted until the author provides explicit details about credentials, notification endpoints, and data flows.


Tags: binance, crypto, latest, signal, trading

