Skill v2.0.2
ClawScan security
Cex Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 15, 2026, 7:15 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests, files, and runtime instructions are coherent with its stated purpose (a remote MCP-backed CEX trading layer); it legitimately needs exchange API keys and a server URL, but those keys will be transmitted to an MCP server by design and that is the primary risk users should accept or mitigate.
- Guidance: This skill is internally consistent for remote trading: it needs your OKX/Binance API keys so the MCP server can place orders. Before installing, consider: (1) the default hosted MCP URL (https://mcp-skills.ai.antalpha.com/mcp) will receive your keys — set MCP_SERVER_URL to a self-hosted server if you want to keep keys in your own infrastructure; (2) always create API keys without withdrawal/transfer permissions and enable IP allowlisting on exchange side; (3) you can use demo/sandbox accounts first to test; (4) review the included install.sh and ~/.trader/config.toml to confirm only risk params are written locally; (5) if you don't trust the hosted MCP, do not provide real keys or run your own MCP server. If you want, I can list the exact lines where credentials are sent and where the default MCP URL is referenced.
Review Dimensions
- Purpose & Capability (ok): Name/description (CEX trading for OKX/Binance) match the declared env vars (OKX & Binance API keys) and the provided tools (spot/futures/account/setup). No unrelated credentials or binaries are requested.
- Instruction Scope (note): SKILL.md and the CLI instruct the agent to call MCP tools and to send API credentials to the MCP server (cex-setup-save → mcp / MCP_SERVER_URL). This is consistent with a remote-trading architecture but is materially different from a purely local-only tool: your API keys are transmitted to the MCP endpoint.
- Install Mechanism (ok): There is no install spec declared (instruction-only in the registry). The repo includes an install.sh and a CLI script, but nothing will be auto-downloaded from untrusted URLs. install.sh only creates ~/.trader/config.toml (risk params) and makes the CLI executable.
- Credentials (note): Requested env vars (CEX_OKX_*/CEX_BINANCE_* and MCP_SERVER_URL) are proportional to the skill's function. Important: the skill explicitly transmits API keys from environment variables to the MCP server; users should treat this as credential exposure to the configured server and only use keys without withdrawal permissions and with appropriate allowlists.
- Persistence & Privilege (ok): always is false and the skill does not request permanent/global privileges or modify other skills. install.sh writes only its own config (~/.trader/config.toml) containing risk parameters, not API keys.
