Vibetrading
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is purpose-aligned for crypto trading, but it can guide an agent to run live leveraged trades using private exchange keys without clearly declared credentials or approval boundaries.
Treat this as a high-risk financial automation skill. It may be useful for backtesting, but do not provide exchange private keys or deploy live strategies unless you fully understand the code, have tested it, use a dedicated limited wallet, and can stop the runner immediately.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated or flawed strategy could place live leveraged crypto trades and lose funds.
The skill documents deploying arbitrary strategy code to a live crypto exchange with credentials on a recurring interval, which can place real trades.
await vibetrading.live.start(
code,
exchange="hyperliquid",
api_key="0xWalletAddress",
api_secret="0xPrivateKey",
interval="1m",
)Use backtesting or paper trading first, require explicit confirmation before any live deployment, and set exchange-side limits where possible.
Providing a private key gives the framework authority over a real trading account and may expose funds if mishandled.
The skill requires a wallet private key for live exchange access, while the registry metadata lists no required env vars or primary credential.
HYPERLIQUID_WALLET=0xYourWalletAddress # HYPERLIQUID_PRIVATE_KEY=0xYourPrivateKey
Use a dedicated low-balance trading wallet, restrict permissions if the exchange supports it, and do not provide primary wallets or keys with withdrawal rights.
Unreviewed strategy code may behave differently from what the user intended, especially when connected to live trading credentials.
The framework executes strategy code read from a local Python file; this is central to the skill, but users should review generated or downloaded strategy code before running it.
asyncio.run(vibetrading.live.start(
open("my_strategy.py").read(),
exchange="hyperliquid",Review strategy code, run validation, and backtest before executing it in any live environment.
The installed package version and dependencies determine the actual runtime behavior, which is not visible in these instruction-only artifacts.
The skill relies on installing an external Python package and optional exchange integration from the package ecosystem; this is expected for the purpose but not pinned in the instructions.
pip install vibetrading pip install "vibetrading[hyperliquid]"
Install from a trusted environment, pin known-good versions, and inspect the package source before using live credentials.
A live strategy may continue opening, closing, or modifying positions until stopped.
The documented live deployment runs repeatedly at a one-minute interval, creating ongoing autonomous trading behavior rather than a one-time user action.
interval="1m"
Start live runners only in a controlled session, monitor them, configure stop conditions, and know how to halt the process before deploying.