Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Binance Event Contract Signal Calculator

v1.0.0

Calculates multi-timeframe Binance Event Contract signals for BTCUSDT/ETHUSDT with detailed entries, targets, stop loss, confidence, and position sizing.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description and SKILL.md consistently target Binance Event Contract signals for BTCUSDT/ETHUSDT. However, the skill explicitly depends on three external components (binance-event-contract-data-fetcher, binance-ict-recognizer, binance-event-contract-risk-manager) yet the skill metadata declares no dependencies, binaries, or required credentials. That omission makes the capability incomplete or under-specified.
Instruction Scope
Runtime instructions require minute-level K-line, orderbook/liquidity (bid/ask ≥ 500k USDT checks), ICT structure recognition, and risk parameters. The SKILL.md does not define how to obtain those feeds, which API(s) to call, or which component is responsible for credentials and network access. The doc also includes automated trigger behavior ('auto-trigger every minute') and fallback rules but leaves broad discretion to the agent — this vagueness could lead to the agent attempting to call unknown services or request credentials at runtime.
Install Mechanism
Instruction-only skill (no install spec in registry) — no code is written to disk by the skill itself. SKILL.md includes an npx clawhub install command which is a standard installer invocation; no downloads or extract instructions are embedded in the skill content.
Credentials
The skill requires detailed market data and orderbook liquidity checks that normally need exchange API access or a data provider (and therefore API keys or credentials), but the registry metadata lists no required env vars or primary credential. This gap is disproportionate/unexplained: either the skill depends on other preinstalled skills to supply the data (not declared), or it would need credentials at runtime (not declared).
Persistence & Privilege
Skill flags show always:false and normal autonomous invocation settings. The skill does not request system-wide persistence or modify other skills' configs in its instructions.
What to consider before installing
This skill describes a plausible trading-signal generator but is under-specified: it references three data components (data fetcher, ICT recognizer, risk manager) and needs orderbook/liquidity data that normally require exchange or data-provider credentials — yet the skill declares no dependencies or env vars. Before installing, confirm: (1) where the live K-line and orderbook data will come from and which component will supply it; (2) whether you must provide Binance API keys or a data-feed credential, and NEVER paste secret keys into general chat or to untrusted skills; (3) that the referenced helper skills (fetcher/recognizer/risk-manager) are available and vetted; (4) how the skill will act on signals (pure alerts vs. automated order placement); and (5) test in a read-only sandbox/backtest first — ignore bold claims of very high win rates without independent verification.

Like a lobster shell, security has layers — review code before you run it.
