Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Headless Crypto trading for agents
v1.0.1 · Autonomous trading for AI agents on Solana and BNB Chain. Use when: (1) executing token swaps on DEXs (Raydium, PancakeSwap), (2) checking token prices and b...
⭐ 0 · 540 · 0 current · 0 all-time
by Crypto Dev @bnbcompanions
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw · Suspicious · high confidence
Purpose & Capability
The name and description match the included scripts: price checks, balance queries, pool monitoring, and swaps on Raydium (Solana) and PancakeSwap (BNB Chain). That capability set reasonably justifies the dependencies on web3/Solana libraries and RPC endpoints. However, the registry metadata declares no required environment variables or primary credential, while both SKILL.md and the scripts clearly expect private-key and RPC-URL environment variables; that mismatch reduces transparency and is unexpected for a skill that needs a signing key to do its job.
Instruction Scope
SKILL.md instructs users to supply private keys via environment variables, and the scripts read those variables. Critically, swap_solana in scripts/swap.py builds the POST payload for the Jupiter /swap call with "userPublicKey": base58.b58decode(private_key).hex(). That expression does not yield a public key: it sends the decoded private-key bytes, hex-encoded, to an external service (quote-api.jup.ag). A Solana wallet export is a 64-byte keypair whose first 32 bytes are the secret seed, so the transmitted value contains everything needed to control the wallet; whether or not the endpoint rejects the malformed field, the bytes have already left the host and may be logged upstream. This is a direct secret-exfiltration risk. The instructions also tell users to store private keys in environment variables, yet the skill metadata does not declare those variables, which is another scope and transparency issue.
Install Mechanism
There is no formal install spec in the registry (the skill is instruction-only), and SKILL.md lists pip packages to install. That is a moderate operational requirement but not an unusual install mechanism; nothing is downloaded from obscure URLs or written by an installer. The code requires third-party Python packages at runtime, but there is no hidden installer.
Credentials
The code expects and uses secrets and configuration that the registry does not declare: SOLANA_PRIVATE_KEY and BNB_PRIVATE_KEY (used as signing keys) and SOLANA_RPC_URL / BNB_RPC_URL (RPC endpoints). Requiring private keys is proportional for a trading skill only if the keys are stored and used safely; here they may be transmitted to external APIs. The skill asks users to provide private keys without declaring them in metadata, and its handling of those keys (see Instruction Scope) is disproportionate and dangerous.
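A static check for the metadata mismatch described in Purpose & Capability and Credentials: an added example, not the scanner's or the skill's code, that walks each script's AST for os.environ / os.getenv reads and diffs the recovered names against the set the registry declares. The two sample scripts are constructed to mirror the variable names in this finding and are not the skill's actual files; the placeholder RPC URL is likewise constructed. Assumes Python 3.9+ (ast.Subscript.slice is the index expression itself).

```python
"""Added example (not from the scanned skill or ClawHub): list the environment
variables a skill's scripts read and diff them against what its manifest declares."""
import ast


def _is_os(node) -> bool:
    return isinstance(node, ast.Name) and node.id == "os"


def _is_os_environ(node) -> bool:
    return isinstance(node, ast.Attribute) and node.attr == "environ" and _is_os(node.value)


def _is_str(node) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def env_vars_read(source: str) -> set:
    """Names read via os.environ["X"], os.environ.get("X", ...) or os.getenv("X", ...).
    Only string-literal names are recovered; dynamically built names and aliased
    imports (from os import environ) are outside what this check sees."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript):
            if _is_os_environ(node.value) and _is_str(node.slice):
                names.add(node.slice.value)
        elif isinstance(node, ast.Call) and node.args and _is_str(node.args[0]):
            func = node.func
            if not isinstance(func, ast.Attribute):
                continue
            is_getenv = func.attr == "getenv" and _is_os(func.value)
            is_environ_get = func.attr == "get" and _is_os_environ(func.value)
            if is_getenv or is_environ_get:
                names.add(node.args[0].value)
    return names


def undeclared_env_vars(sources: dict, declared: set) -> dict:
    """Map each script path to the variables it reads that the manifest omits."""
    report = {}
    for path, src in sources.items():
        missing = env_vars_read(src) - declared
        if missing:
            report[path] = missing
    return report


# Constructed sample scripts modelled on the finding; not the skill's real code.
SAMPLE_SOURCES = {
    "scripts/swap.py": '''
import os
rpc = os.environ["SOLANA_RPC_URL"]
key = os.getenv("SOLANA_PRIVATE_KEY")
''',
    "scripts/balance.py": '''
import os
rpc = os.environ.get("BNB_RPC_URL", "https://rpc.example")  # placeholder URL
key = os.environ["BNB_PRIVATE_KEY"]
''',
}

# The scanned registry entry declares no environment variables at all.
DECLARED_IN_MANIFEST = set()

if __name__ == "__main__":
    for path, missing in undeclared_env_vars(SAMPLE_SOURCES, DECLARED_IN_MANIFEST).items():
        print(f"{path}: reads undeclared {sorted(missing)}")
```

Run this over a skill's scripts directory before install: any non-empty report is exactly the transparency gap the scan calls out, and a variable whose name suggests a secret (here both *_PRIVATE_KEY names) should block installation until the manifest declares it and SKILL.md documents how it is stored.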
Persistence & Privilege
The skill is not marked always:true, is user-invocable, and does not request system-wide or cross-skill configuration changes. It does not request persistent platform privileges in the manifest. Autonomous invocation is allowed (the platform default); on its own that is not flagged, but combined with the secret-exfiltration risk it increases the blast radius.
What to consider before installing
Do not run this skill with real private keys or on a wallet holding funds. The scripts contain code that will (likely unintentionally) transmit decoded private-key bytes to a third-party API (the Jupiter swap endpoint) when performing Solana swaps, which effectively leaks your private key. Before using:
(1) Do not set SOLANA_PRIVATE_KEY or BNB_PRIVATE_KEY in any environment the skill can access.
(2) Require the author to explain why a decoded private-key byte sequence is being sent to external swap APIs; fix the code so that only public keys are used in requests and private-key material never appears in a network payload.
(3) Update the registry metadata to declare the required environment variables (RPC URLs and the private-key variable names) and document secure vault usage.
(4) Audit and test on testnet with throwaway keys only; consider running the code in an offline or sandboxed environment, and review and fix the swap_solana implementation so that base58.b58decode(private_key).hex() is never sent externally.
If you cannot confirm those fixes, treat the skill as unsafe and avoid installing it with access to any real secrets or funds. If the skill has already been run against a funded wallet, treat that key as compromised and move the funds to a fresh wallet.
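The fix the recommendations above ask for, and the behaviour the Instruction Scope finding describes, as an added example (not the skill's code and not a Jupiter API client): a Solana wallet export is 64 bytes, the 32-byte ed25519 seed followed by the 32-byte public key, so the public key can be taken from the decoded keypair locally and the secret half never needs to be encoded into a request. The 64-byte keypair and the quote dict are constructed stand-ins (the keypair is not a real ed25519 pair, the quote fields are illustrative); the payload field names follow the finding's description of the /swap call, and the pre-flight guard that scans the serialized payload for common encodings of the secret is this example's own addition, not something the page or Jupiter provides.

```python
"""Added example, not code from the scanned skill: derive the Solana public key
from a base58 wallet export locally, build the swap payload from that, and
check any outgoing payload for secret material before it is sent."""
import base64
import json

_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(text: str) -> bytes:
    """Bitcoin/Solana-style base58; leading '1' characters encode zero bytes."""
    n = 0
    for ch in text:
        n = n * 58 + _ALPHABET.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * pad + body


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = _ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def pubkey_from_keypair(keypair_b58: str) -> str:
    """A Solana wallet export is 64 bytes: the 32-byte ed25519 seed followed by
    the 32-byte public key. Only the second half may ever leave the host."""
    raw = b58decode(keypair_b58)
    if len(raw) != 64:
        raise ValueError(f"expected a 64-byte keypair, got {len(raw)} bytes")
    return b58encode(raw[32:])


def leaky_swap_payload(private_key_b58: str, quote: dict) -> dict:
    """The pattern the scan flagged: the decoded key bytes, hex-encoded, land in
    the userPublicKey field and are posted to the swap API."""
    return {"quoteResponse": quote,
            "userPublicKey": b58decode(private_key_b58).hex()}


def safe_swap_payload(private_key_b58: str, quote: dict) -> dict:
    """Same payload shape, but the field carries the actual public key."""
    return {"quoteResponse": quote,
            "userPublicKey": pubkey_from_keypair(private_key_b58)}


def secret_encodings(secret: bytes) -> set:
    """Forms in which the secret (or its 32-byte seed half) could appear in a payload."""
    forms = set()
    for blob in (secret, secret[:32]):
        forms.add(blob.hex())
        forms.add(b58encode(blob))
        forms.add(base64.b64encode(blob).decode())
        forms.add(base64.urlsafe_b64encode(blob).decode().rstrip("="))
    return forms


def payload_leaks_secret(payload: dict, secret: bytes) -> bool:
    """Pre-flight guard: refuse to send if any known encoding of the secret is present."""
    serialized = json.dumps(payload)
    return any(form in serialized for form in secret_encodings(serialized and secret))


# Constructed test material: 64 bytes that are NOT a real ed25519 keypair.
SAMPLE_KEYPAIR_BYTES = bytes([0x11] * 32 + [0x22] * 32)
SAMPLE_KEYPAIR_B58 = b58encode(SAMPLE_KEYPAIR_BYTES)
# Constructed stand-in for a quote response; field names are illustrative only.
SAMPLE_QUOTE = {"inAmount": "1000000", "outAmount": "42"}

if __name__ == "__main__":
    for name, build in (("leaky", leaky_swap_payload), ("safe", safe_swap_payload)):
        payload = build(SAMPLE_KEYPAIR_B58, SAMPLE_QUOTE)
        print(name, "leaks secret:", payload_leaks_secret(payload, SAMPLE_KEYPAIR_BYTES))
```

With a real wallet export, also confirm with an ed25519 library that the second 32 bytes are the public key derived from the seed before trusting them; that step is omitted here to keep the block dependency-free. The guard only recognises the encodings it is told about, so it is a backstop, not the fix: the durable fix is to hand request-building code a signer object or public key and never the raw private-key string.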
latest: vk97bh7yschmtjk5wx1xnt1navs81ejva
