ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Binance Grid Trading

v1.0.1

网格交易策略 - 自动化低买高卖。每次调用自动扣费 0.001 USDT

0· 155·0 current·0 all-time
by@chenghaifeng08-creator

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chenghaifeng08-creator/binance-grid-trading-automaton.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Binance Grid Trading" (chenghaifeng08-creator/binance-grid-trading-automaton) from ClawHub.
Skill page: https://clawhub.ai/chenghaifeng08-creator/binance-grid-trading-automaton
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SKILLPAY_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install chenghaifeng08-creator/binance-grid-trading-automaton

ClawHub CLI

Package manager switcher

npx clawhub@latest install binance-grid-trading-automaton
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to automate Binance grid trading and charges 0.001 USDT per call. The manifest requires SKILLPAY_API_KEY (consistent with a paid skill), and skill.yaml declares network permission (consistent with contacting exchanges). However, the included index.js does not call Binance APIs at all; it fetches a placeholder URL (https://example.com) and never uses the declared SKILLPAY_API_KEY. This mismatch between claimed capability (trading) and actual implementation is suspicious.
Instruction Scope
SKILL.md only instructs using the handler actions (start, stop, status) and documents pricing and risks. It does not instruct reading other system files or environment variables beyond SKILLPAY_API_KEY. The runtime instructions do not provide implementation detail for exchange credentials or how trading/orders are executed, which is a notable omission for a trading skill.
Install Mechanism
There is no install spec (instruction-only) and only a small index.js is present. No downloads or extract steps are used. This is low install risk.
!
Credentials
The skill requires a secret SKILLPAY_API_KEY (declared in SKILL.md and skill.yaml) but the runtime code (index.js) never reads or uses that variable. Requesting a secret that is not used is disproportionate and potentially misleading — it could cause users to provide a secret unnecessarily (or assume billing is enforced when it isn't). No exchange API credentials are requested despite the trading purpose.
Persistence & Privilege
The skill is not always-enabled and does not request special system-level persistence. skill.yaml lists network permission which is expected for a trading skill. There is no evidence it modifies other skills or system configuration.
What to consider before installing
This skill looks inconsistent: it advertises paid automated Binance grid trading but the shipped code does not call Binance or use the declared SKILLPAY_API_KEY — instead it hits a placeholder URL and treats failures as "paid". Before installing or providing any secret: - Do not supply real exchange API keys or private keys to this skill. The code does not show how trading would be performed or how your exchange credentials would be used safely. - Do not provide your SKILLPAY_API_KEY unless you understand how billing is enforced; the code currently does not use it, so payment behavior is unclear. - Ask the publisher for a clear explanation and for source that actually integrates with Binance (signed requests, order placement logic) and a trustworthy billing flow. Prefer code that uses official Binance SDK/endpoints and reads configured credentials explicitly. - If you still want to test, run it in an isolated/sandbox environment with no real funds and monitor network traffic. Consider requesting a reputable publisher or community-audited alternative. Because of the mismatches, treat this skill with caution — the behavior could be an unfinished/stub implementation or an attempt to misrepresent paid behavior.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvSKILLPAY_API_KEY
latestvk973myx69bmn5bk1vs486bewqh83hkdb
155downloads
0stars
1versions
Updated 1mo ago
v1.0.1
MIT-0
@chenghaifeng08-creator
latest
Download

💰 付费服务

网格交易定制:

服务价格交付
策略参数优化¥1500/次回测 + 最佳参数
多币种组合¥3000/份5 币种网格组合
定制系统¥8000 起个性化定制
月度顾问¥5000/月每周调整 + 监控

联系: 微信/Telegram 私信,备注"网格交易"

--- secret: true

Binance Grid Trading

在指定价格区间内自动网格交易,低买高卖。

什么是网格交易?

网格交易是一种自动化交易策略,将价格区间分成若干网格,在每个网格价格自动买入或卖出。

核心功能

  • 区间设置: 自定义价格上限和下限
  • 网格数量: 可调整网格密度(5-100格)
  • 自动套利: 价格触网格自动买卖
  • 利润追踪: 实时显示已获利金额

策略参数

  • 价格区间: 用户自定义(如 $42,000-$45,000)
  • 网格数量: 5-100
  • 订单类型: 限价单
  • 止盈策略: 可选

使用示例

// 查看网格状态
await handler({ action: 'status' });

// 创建新网格
await handler({ 
  action: 'start', 
  pair: 'BTC/USDT', 
  min: 42000, 
  max: 45000,
  grids: 10 
});

// 停止网格
await handler({ action: 'stop' });

价格

每次调用: 0.001 USDT

风险提示

  1. 震荡市场效果最好
  2. 单边趋势可能导致亏损
  3. 需充足资金覆盖所有网格
  4. 建议设置止盈止损
  5. 价格突破区间需要手动干预

网格交易技巧

  1. 选择震荡剧烈的币种
  2. 合理设置价格区间
  3. 预估资金需求
  4. 定期检查和调整
  5. 设置自动止损

适合人群

  • 不想时刻盯盘的投资者
  • 喜欢稳健收益的交易者
  • 对市场有区间判断能力的用户

Comments

Loading comments...