v1.0.0

Crypto Arbitrage

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:52 AM.

Analysis

This skill asks for crypto exchange trading credentials and supports automatic trades, while its metadata does not declare those credentials and the implementation appears to simulate prices rather than use live exchange data.

Guidance: Review carefully before installing. Do not provide unrestricted crypto exchange keys; use sandbox or tightly restricted trade-only keys with withdrawals disabled. Keep dry-run mode on and auto-execution off until you verify the code uses real, correct exchange data and has clear human confirmation, capital limits, loss limits, and stop controls.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
await scanner.configureAutoExecute({
  enabled: true,
  minProfit: 1.0,
  maxCapital: 5000,
  maxDailyTrades: 20,
  cooldown: 5000
});

The documented workflow enables automatic financial trades up to $5k each and 20 trades per day, without showing a required per-trade confirmation step.

User impact: Automatic crypto trades can create real financial losses if prices, fees, liquidity, or exchange state are wrong.
Recommendation: Keep auto-execution disabled by default, leave dryRun enabled until verified, require human confirmation for each live trade, and enforce strict daily loss and exposure limits.

Human-Agent Trust Exploitation
Severity: Medium; Confidence: High; Status: Concern
index.js
// Simulated prices (in production, fetch from exchange APIs)

The implementation says prices are simulated, while the documentation presents the skill as real-time multi-exchange monitoring and arbitrage execution. This mismatch could cause users to trust non-live recommendations.

User impact: A user may make trading decisions or pay for a tool believing it uses live exchange data when the supplied code appears to generate simulated opportunities.
Recommendation: Treat the skill as a demo unless live exchange integration is clearly implemented, tested, and documented; require the documentation to label simulated data prominently.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
index.js
this.scanTimer = setInterval(() => {
  this._scanOpportunities(pairs);
}, interval);

The scanner starts a recurring loop that continues until stopScanning is called. This is expected for a real-time scanner, but it matters when paired with auto-execution.

User impact: The skill may continue monitoring, and potentially acting if auto-execution is enabled, until explicitly stopped.
Recommendation: Stop the scanner when finished, disable auto-execution unless actively supervised, and ensure any background trading loop has visible status and emergency-stop controls.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
SKILL.md
await scanner.addExchange('binance', {
  apiKey: 'your-binance-key',
  apiSecret: 'your-binance-secret',
  sandbox: false
});

The skill asks for exchange API keys and secrets and shows non-sandbox use. Those credentials can grant trading or account authority, but the registry lists no primary credential or required env vars.

User impact: If given overly broad exchange keys, the skill or an invoking agent could trade with real funds or expose sensitive account access.
Recommendation: Use sandbox mode first, create restricted API keys with withdrawals disabled, limit trading permissions and capital, and require the skill metadata to clearly declare all credentials it uses.