Skill v1.1.0

ClawScan security

Binance Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 13, 2026, 9:14 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to be a CLI wrapper for Binance and uses an npm bin (reasonable), but it claims to require authentication while not declaring any credentials or config paths, and it has no upstream source/homepage — these gaps reduce transparency and warrant caution.
Guidance
This skill is plausibly a legitimate Binance CLI wrapper (it installs a named npm package and documents many Binance endpoints), but there are two practical concerns: (1) it repeatedly says 'Requires auth', yet the package/skill metadata does not declare where API keys/secrets should be set (env vars, config path, or profile). Ask, or inspect references/auth.md, to confirm how credentials are provided and stored, and whether they are kept locally or written to a file. (2) The registry entry has no source or homepage; before installing, verify the npm package author/publisher and prefer official Binance-maintained releases (check the publisher, the package README, and the GitHub repo). If you proceed, create API keys with the minimum permissions needed (avoid enabling withdrawal if not required), use IP restrictions on keys where possible, and require manual CONFIRM for any production transactions (as SKILL.md suggests). If you cannot validate the package origin or the auth flow, treat this skill as untrusted and do not install it or provide live API credentials.

Review Dimensions

Purpose & Capability
concern: Name/description match the provided SKILL.md and the install of an npm package that provides a bin named binance-cli (coherent). However, the skill repeatedly says 'Requires auth' yet the registry metadata lists no required environment variables, no primary credential, and no required config paths — an inconsistency between the claimed purpose (authenticated Binance operations) and the declared requirements.
Instruction Scope
note: SKILL.md instructs the agent to run binance-cli commands and references a local references/auth.md for authentication and security rules. The runtime instructions themselves do not ask the agent to read arbitrary system files or exfiltrate data, but they depend on authentication behavior documented in auth.md (not inlined here), so the exact runtime access pattern depends on that file.
Install Mechanism
note: Install is via the npm package '@binance/binance-cli', which is an expected way to deliver a CLI; this is moderate-risk but standard. Missing upstream source/homepage in the registry metadata reduces transparency — verify the package publisher and the npm/GitHub release before installing.
Credentials
concern: The skill handles many authenticated endpoints (trading, withdrawals, futures, etc.) but declares no environment variables or primary credential. Real Binance CLI tooling normally requires an API key and secret (or a config file/profile). Not declaring how/where credentials are supplied is disproportionate and prevents an informed decision about secret exposure.
Persistence & Privilege
ok: The skill is not always-enabled, and model invocation is allowed (default). There is no install behavior shown that modifies other skills or system-wide configurations. The persistence/privilege level is normal for a user-invocable CLI skill.