Aster-Skill
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill matches its stated trading purpose, but it can automatically place leveraged crypto trades on a schedule using exchange credentials, with unclear approval controls and inconsistent setup metadata.
Only install this if you intend to run an automated live crypto trading bot. Use a dedicated restricted Aster API key, disable withdrawals, start with paper trading or tiny limits, verify the OpenNews dependency and entry file, and do not allow scheduled live trading without a clear way to pause or approve each order.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill could place real leveraged crypto trades and lose money if the signal is wrong or manipulated.
The code changes leverage and submits Aster market orders; no artifact shows a user approval gate immediately before this high-impact financial action.
await this.client.setLeverage({ symbol, leverage: CONFIG.TRADE.leverage }); ... const res = await this.client.createOrder(order);
Require explicit user confirmation or paper-trading by default, add hard user-configurable caps, and clearly show order details before any live trade.
After installation, the skill may continue checking news and trading repeatedly unless the user knows how to disable it.
The skill is configured for recurring execution every five minutes; combined with the order-placement code, this creates autonomous ongoing trading behavior.
"schedule": "*/5 * * * *"
Make scheduled trading opt-in, provide a clear pause/disable mechanism, and require renewed consent for live trading sessions.
Aster API keys with trading permission could be used to open positions on the user's account.
The skill uses exchange API credentials capable of account-changing actions, while the registry metadata says there is no primary credential or required env var.
apiKey: process.env.ASTER_API_KEY, apiSecret: process.env.ASTER_API_SECRET, baseUrl: process.env.ASTER_BASE_URL || "https://api.asterdex.com"
Use a dedicated low-permission trading key if possible, limit balances and withdrawal permissions, and ensure the registry declares all required credentials clearly.
A crafted tweet or article could push the model toward an unsafe trade recommendation.
Retrieved news content is inserted directly into the LLM prompt that produces the recommended trading action, so malicious or manipulative article text could influence downstream orders.
News batch:
{NEWS_CONTENT}
...
"recommended_action": "open_long | open_short | wait | skip"
Treat news text as untrusted data, strip instructions from retrieved content, require independent source confirmation, and add human review before trades.
Users may not know exactly what code will run or which dependency version will be installed before the skill receives trading credentials.
The declared entry file does not match the provided code filename, and the OpenNews MCP dependency is installed through an unpinned npx command despite the registry saying there is no install spec.
"entry": "index.js", ... "command": "npx", "args": ["clawhub", "install", "opennews-mcp"]
Align the entry file with the manifest, provide a complete install spec and lockfile, and pin external MCP/package versions.
