Headless Crypto trading for agents

Warn: Audited by ClawScan on May 10, 2026.

Overview

This skill is a real autonomous crypto-trading tool, but its artifacts show unsafe wallet-key handling and high-impact trading actions with limited guardrails.

Review very carefully before installing. If you use it at all, use a small, isolated hot wallet, default to simulation, set strict spending limits, and do not provide valuable private keys. The Solana swap implementation should be corrected before live use because it appears to send private-key-derived data to an external API.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A Solana wallet private key could be exposed to a third-party API, potentially putting all funds controlled by that key at risk.

Why it was flagged

The Solana swap code takes the value named private_key, decodes it, and includes it in a POST body to Jupiter's external swap API as the user public key. A private key should never be transmitted to a quote/swap API; the public address should be derived locally instead.

Skill content
"userPublicKey": base58.b58decode(private_key).hex(), ... requests.post(f"{JUPITER_API}/swap", json=swap_payload, timeout=10)
Recommendation

Do not use this Solana swap path until it is fixed and audited. The implementation should derive the public key locally, keep the private key only in a local signer, and never send private-key material over the network.
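The following is an added example written for this review, not code from the skill or from Jupiter. It shows the flagged pattern next to the corrected one: the public address is derived locally from the 64-byte Solana keypair export (seed followed by public key), only that address is placed in the request, and a pre-send check scans the serialized payload for secret material in the encodings a client is likely to use. The base58 helpers are written inline so the example has no third-party dependency; the payload field names other than userPublicKey (quoteResponse, wrapAndUnwrapSol) follow Jupiter's documented swap request shape and are an assumption here, as is the sample quote. The keypair used in the test is constructed, not a real key.

```python
import json

# Minimal base58 (Bitcoin alphabet, as used for Solana addresses); written here
# so the example has no third-party dependency.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(text: str) -> bytes:
    """Decode a base58 string, preserving leading zero bytes encoded as '1'."""
    value = 0
    for ch in text:
        value = value * 58 + B58_ALPHABET.index(ch)  # ValueError on a bad character
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def b58encode(raw: bytes) -> str:
    """Encode bytes as base58, one '1' per leading zero byte."""
    value = int.from_bytes(raw, "big")
    out = ""
    while value:
        value, rem = divmod(value, 58)
        out = B58_ALPHABET[rem] + out
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def derive_public_key(secret_key_b58: str) -> bytes:
    """Return the 32-byte ed25519 public key for a base58-encoded Solana secret.

    Solana keypair exports are 64 bytes (32-byte seed followed by the 32-byte
    public key), so the public key is read straight out of the blob. A bare
    32-byte seed needs an ed25519 implementation; the optional `cryptography`
    package is used for that case if it is installed.
    """
    raw = b58decode(secret_key_b58)
    if len(raw) == 64:
        return raw[32:]
    if len(raw) == 32:
        try:
            from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
            from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
        except ImportError as exc:
            raise RuntimeError("a 32-byte seed needs the 'cryptography' package") from exc
        pub = Ed25519PrivateKey.from_private_bytes(raw).public_key()
        return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)
    raise ValueError(f"unexpected secret key length {len(raw)}")


def build_swap_payload_unsafe(private_key: str, quote: dict) -> dict:
    """The flagged pattern: the decoded secret is sent as 'userPublicKey'."""
    return {"quoteResponse": quote, "userPublicKey": b58decode(private_key).hex()}


def build_swap_payload(private_key: str, quote: dict) -> dict:
    """Corrected form: only the locally derived public address leaves the process.

    Field names besides userPublicKey are assumed from Jupiter's documented shape.
    """
    address = b58encode(derive_public_key(private_key))
    return {"quoteResponse": quote, "userPublicKey": address, "wrapAndUnwrapSol": True}


def payload_leaks_secret(payload: dict, secret_key_b58: str) -> bool:
    """Pre-send check: does the serialized request contain the secret in any of
    the encodings a swap client is likely to use (hex/base58, seed or full blob)?"""
    raw = b58decode(secret_key_b58)
    seed = raw[:32]
    encodings = {raw.hex(), b58encode(raw), seed.hex(), b58encode(seed), secret_key_b58}
    blob = json.dumps(payload)
    return any(enc in blob for enc in encodings)


if __name__ == "__main__":
    # Constructed 64-byte keypair, not a real key.
    demo_secret = b58encode(bytes(range(64)))
    demo_quote = {"inputMint": "constructed", "outAmount": "1"}
    print("unsafe leaks:", payload_leaks_secret(build_swap_payload_unsafe(demo_secret, demo_quote), demo_secret))
    print("safe leaks:", payload_leaks_secret(build_swap_payload(demo_secret, demo_quote), demo_secret))
```

A check like payload_leaks_secret belongs immediately before requests.post in the swap path; the private key itself should stay in the local signer that signs the returned transaction and should never be an argument to the payload builder at all.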

What this means

An agent could place real swaps with wallet funds if private keys are available, including trades the user did not separately confirm.

Why it was flagged

The CLI defaults to real execution unless --simulate is provided, and execute_swap signs and sends on-chain transactions. For an agent-invocable skill, that is high-impact financial mutation without an artifact-backed confirmation gate or amount limit.

Skill content
parser.add_argument("--simulate", action="store_true", help="Simulate only (dry run)") ... result = execute_swap(... simulate=args.simulate)
Recommendation

Require explicit user approval for every live trade, default to simulation, and add clear per-trade limits, maximum daily loss/volume, and allowlisted token/pool controls.

What this means

A trading bot based on these examples could continue buying or selling until manually stopped, potentially causing unintended losses.

Why it was flagged

The strategy reference documents long-running scheduled trading loops. This is disclosed and purpose-aligned, but it can keep operating and placing trades without clear stop, expiry, or operator-review controls.

Skill content
while True: ... schedule.run_pending() ... time.sleep(60)
Recommendation

Use only with explicit runtime limits, a kill switch, maximum spend/loss settings, and monitoring. Avoid giving an autonomous agent unrestricted wallet access.
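The following is an added example for this review and the previous one, not code from the skill. It shows the guardrails both recommendations call for in one place: a CLI whose default is simulation (a --live flag instead of --simulate), an operator-confirmation callback for live trades, an allowlist, per-trade and per-session volume caps, a realized-loss halt, a kill switch, and a session expiry that turns the documented `while True` loop into one with an exit condition. The limit values, token symbols and the confirm/kill-switch callbacks are constructed for illustration.

```python
import argparse
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class TradeLimits:
    max_trade_usd: float            # hard cap on a single swap
    max_daily_volume_usd: float     # cap on summed notional per session
    max_daily_loss_usd: float       # realized loss at which trading halts
    allowed_tokens: frozenset       # allowlisted token symbols or mints
    max_runtime_s: float            # session expiry for the scheduling loop


class TradeGuard:
    """Policy checks an agent-driven trader must pass before execute_swap."""

    def __init__(self, limits: TradeLimits, confirm: Callable[..., bool],
                 now: Callable[[], float] = time.time,
                 kill_switch: Callable[[], bool] = lambda: False):
        self.limits = limits
        self.confirm = confirm          # operator approval callback for live trades
        self.now = now
        self.kill_switch = kill_switch  # e.g. checks a flag file set by the operator
        self.started = now()
        self.daily_volume_usd = 0.0
        self.realized_loss_usd = 0.0

    def stop_reason(self) -> Optional[str]:
        """Session-level conditions that should end the trading loop."""
        if self.kill_switch():
            return "kill-switch"
        if self.now() - self.started >= self.limits.max_runtime_s:
            return "runtime-expired"
        if self.realized_loss_usd >= self.limits.max_daily_loss_usd:
            return "over-daily-loss"
        return None

    def check(self, token_in: str, token_out: str, amount_usd: float,
              simulate: bool) -> Optional[str]:
        """Return None if the trade may proceed, else the rejection code."""
        reason = self.stop_reason()
        if reason:
            return reason
        if token_in not in self.limits.allowed_tokens or token_out not in self.limits.allowed_tokens:
            return "token-not-allowlisted"
        if amount_usd > self.limits.max_trade_usd:
            return "over-per-trade-limit"
        if self.daily_volume_usd + amount_usd > self.limits.max_daily_volume_usd:
            return "over-daily-volume"
        if not simulate and not self.confirm(token_in, token_out, amount_usd):
            return "not-confirmed"
        return None

    def record(self, amount_usd: float, pnl_usd: float) -> None:
        """Book a completed trade; losses accumulate towards the halt threshold."""
        self.daily_volume_usd += amount_usd
        if pnl_usd < 0:
            self.realized_loss_usd += -pnl_usd


def build_parser() -> argparse.ArgumentParser:
    """Inverted default: simulate unless --live is passed explicitly."""
    p = argparse.ArgumentParser()
    p.add_argument("--live", action="store_true",
                   help="Send real transactions (default: simulate)")
    p.add_argument("--max-trade-usd", type=float, default=25.0)
    return p


def run_loop(guard: TradeGuard, tick: Callable[[], None],
             interval_s: float = 60, sleep: Callable[[float], None] = time.sleep) -> str:
    """Scheduled loop with an exit condition, instead of `while True`."""
    while True:
        reason = guard.stop_reason()
        if reason:
            return reason
        tick()
        sleep(interval_s)
    

if __name__ == "__main__":
    args = build_parser().parse_args()
    simulate = not args.live
    limits = TradeLimits(max_trade_usd=args.max_trade_usd, max_daily_volume_usd=100.0,
                         max_daily_loss_usd=20.0, allowed_tokens=frozenset({"SOL", "USDC"}),
                         max_runtime_s=3600)
    guard = TradeGuard(limits, confirm=lambda *trade: input(f"approve {trade}? [y/N] ") == "y")
    print("simulate:", simulate, "check:", guard.check("SOL", "USDC", 10.0, simulate))
```

The rejection codes are returned rather than raised so the caller can log every refused trade; a production version would also persist daily_volume_usd and realized_loss_usd across restarts, otherwise a crash-and-restart loop resets the caps.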

What this means

Users may install different package versions than the author tested, or packages from the public package index with their own supply-chain risk.

Why it was flagged

The skill asks users to install unpinned third-party packages manually. This is common for Python integrations, but version pinning and provenance are not specified.

Skill content
pip install solana web3 anchorpy raydium-py base58
pip install web3 pancakeswap-sdk
Recommendation

Pin dependency versions, verify package sources, and install in an isolated environment such as a virtualenv or container.
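The following is an added example for this review, not part of the skill. It is a small requirements-file audit that flags any line the install instructions above would produce: a requirement without an exact `==` pin, or a pinned one without a `--hash=` entry that `pip install --require-hashes` could verify. The sample requirements text is constructed for the example, and the versions and hash digests in it are placeholders, not real values.

```python
import re

# Constructed sample requirements file: mixes the skill's unpinned names with
# pinned-and-hashed lines. Versions and hashes are placeholders, not real ones.
SAMPLE_REQUIREMENTS = """\
# trading skill dependencies
--index-url https://pypi.org/simple
solana
web3>=6
anchorpy==0.0.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
base58==0.0.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pancakeswap-sdk[extra]==0.0.0 ; python_version >= "3.9"
"""

# name, optional [extras], then an exact == pin
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([A-Za-z0-9.!+*-]+)")
HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-fA-F]+)")


def logical_lines(text: str):
    """Join backslash continuations and drop comments/blank lines, as pip does."""
    buf = ""
    for raw in text.splitlines():
        line = "" if raw.lstrip().startswith("#") else raw.split(" #")[0]
        line = line.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def audit_requirements(text: str):
    """Return [(package_name, issue)] for lines that are unpinned or unhashed."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("-"):            # pip options such as --index-url or -r
            continue
        spec = line.split(";")[0].strip()   # drop environment markers
        name = re.split(r"[\[<>=!~; ]", spec, maxsplit=1)[0]
        if not PIN_RE.match(spec):
            findings.append((name, "unpinned"))
            continue
        if not HASH_RE.search(line):
            findings.append((name, "no-hash"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{issue:9s} {name}")
```

Once every line is pinned and carries a hash (pip-tools' `pip-compile --generate-hashes` produces such a file), installing with `pip install --require-hashes -r requirements.txt` inside a fresh virtualenv makes pip refuse any artifact whose digest does not match, which covers the version-drift and index-substitution risks described above.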