XAUUSD
Audited by ClawScan on May 10, 2026.
Overview
The skill is not evidently malicious, but it can continuously trade a real broker account using sensitive credentials, so it should be reviewed carefully before installation.
Install only if you understand it can control a real trading account. Test in Advisory mode with a demo account, verify the broker/order-management code and WebSocket controls, pin dependencies, and do not provide live credentials until you are comfortable with its persistence and risk settings.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
If enabled on a live account, the agent could create or close trades without per-trade confirmation and could affect real money.
The skill can place, manage, and close live trades, and one documented safety rule is broadly phrased as closing all positions rather than only skill-created or symbol-scoped positions.
Fully-Automated | Autonomous execution: signal → order → manage → close ... Broker disconnect → close all positions immediately
Start only in Advisory/demo mode, verify exact order-management code, require explicit approval for live orders, and scope any emergency close action to positions the skill opened.

Finding 2
Providing these credentials can let the skill access a brokerage account and, in automated modes, trade on it.
These credentials delegate access to a MetaAPI/MT5 trading account, while the registry metadata says there is no primary credential and no required environment variables.
METAAPI_TOKEN=your_metaapi_token_here MT5_ACCOUNT_ID=your_mt5_account_id_here
Use a demo or restricted account first, keep credentials out of shared environments, rotate tokens after testing, and ensure the registry metadata accurately declares broker credentials.

Finding 3
A local client or another process with access to the WebSocket interface could potentially alter trading mode if the implementation lacks access control.
Mode controls whether the system is advisory, semi-automated, or fully automated, but the provided documentation does not describe authentication, authorization, or approval checks for WebSocket mode commands.
Set the mode in `data/state.json` or via WebSocket command.
Require authentication for WebSocket commands, bind only to localhost, separate read-only dashboard data from control commands, and confirm mode changes with the user.

Finding 4
The trading monitor or bot may continue operating in the background until explicitly stopped.
The README documents user-directed persistent execution and auto-restart. This is aligned with a continuous trading system, but it means the process can keep running after the immediate session.
pm2 start index.js --name metals-desk-os ... pm2 save ... pm2 startup
Use PM2 persistence only after testing, confirm the current mode before enabling it, and document clear stop/disable commands.

Finding 5
Dependency changes could alter behavior or introduce vulnerabilities in a high-impact trading environment.
The npm dependencies use semver ranges, so `npm install` can resolve newer compatible package versions. That is common, but more sensitive here because the app handles broker credentials and trade execution.
"metaapi.cloud-sdk": "^27.0.0", "ws": "^8.16.0", "axios": "^1.7.0"
Pin dependencies with a lockfile, review package provenance, and install in an isolated environment before using live credentials.

Finding 6
Local files may retain trading history and state across sessions.
The skill intentionally stores persistent state, trade history, performance metrics, and bias memory. This is purpose-aligned, but the files can contain sensitive trading records and may influence future decisions.
data/ ... state.json ... trade-log.json ... performance.json ... bias-memory.json
Protect the data directory, review retained logs before sharing the skill folder, and reset state when switching accounts or testing environments.
