Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawtrade Bnb

v1.1.0

Autonomous DeFi trading agent for BNB Chain with multi-strategy engine, network switching, and reinforced learning.

by Alan Estrada (@alannetwork)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name and description (autonomous DeFi trading on BNB) match the shipped code: scheduler, tx executor, network switcher, reinforced learning, dashboard and on-chain logging are present. However, the registry metadata advertises no required environment variables or primary credential while the code and docs clearly expect an RPC URL, a wallet private key (PRIVATE_KEY), and notification tokens. That discrepancy is disproportionate and inconsistent.
Instruction Scope
SKILL.md explicitly instructs the operator to provide a PRIVATE_KEY via env or .env and to edit RPC endpoints and contract addresses. The runtime flow includes reading/writing config and JSONL logs, emitting events, and executing real blockchain transactions (tx-executor.js). The docs also promote deploying a public dashboard/API (api/logs.js) that reads execution-log.jsonl; if logs or configs include sensitive fields they could be exposed. Instructions give the agent the ability to switch to mainnet and submit signed transactions; this is within the stated purpose but high-impact, and the instructions for secret handling are risky and not reflected in the declared requirements.
Install Mechanism
No external install spec or remote download is used (instruction-only installer). All code is bundled in the skill. That means nothing is pulled from arbitrary URLs at install time, which lowers install-time supply-chain risk. However, the package contains production-grade transaction-execution code (no external download needed), so installing it grants the ability to sign and send transactions locally.
Credentials
The skill metadata lists no required env vars, but SKILL.md and multiple files expect PRIVATE_KEY, RPC endpoints, and notification credentials (e.g., Telegram bot token / chat ID inside config.scheduler.json and notifications.js). Required secrets for executing transactions and sending alerts are therefore undeclared in the registry manifest; that mismatch is a security and transparency problem. The skill will request sensitive credentials (the private key) that should have been declared as primaryEnv and documented as required, but they are not.
Persistence & Privilege
always: false (no forced installation) and model invocation is allowed (platform default). The skill does not request system-wide privileges in metadata. Nevertheless, it is autonomous-capable and contains code to sign/submit transactions and to run periodic scheduler cycles; combined with undeclared secrets, this increases the blast radius if it is run unintentionally or with a mainnet private key.
What to consider before installing
This skill is functional and can sign and submit real BNB Chain transactions, but the registry metadata does not declare the sensitive environment variables it needs (for example PRIVATE_KEY, RPC URL, and notification tokens). Before installing or running it:

- Do not run on mainnet until you have fully audited the code and removed any hardcoded secrets. Start on testnet only.
- Treat PRIVATE_KEY as highly sensitive: prefer a hardware wallet or a multisig/remote signer rather than storing raw keys in .env or env vars.
- Inspect tx-executor.js, scheduler.js, and notifications.js to confirm what is logged and what is sent to external services; ensure logs (execution-log.jsonl) do not leak secrets before exposing them via the dashboard/API.
- Add or require explicit env declarations (RPC_URL, PRIVATE_KEY, TELEGRAM_TOKEN/CHAT_ID, etc.) in the skill manifest so the platform can warn users and gate access.
- Consider running the skill inside an isolated environment with limited funds and monitoring, and add human-in-the-loop confirmations for mainnet actions (or enforce multi-sig) before trusting it with meaningful capital.

If you want, I can list the specific files that handle signing, logging, and notification (tx-executor.js, scheduler.js, agent-cli.js, on-chain-logger.js, notifications.js, api/logs.js) and point to lines or patterns you should review first.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97b6jgm6y37t5cttphkjtcwbh81epr9
