Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Go Trader

v1.0.0

Control and monitor the go-trader cryptocurrency trading system with natural language commands for strategies, status, risk, and emergency stops.

by Cyber leo @cyberleo986
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose (control and monitor a local go-trader) aligns with the behavior in control.sh (curl localhost:8099/status, /health; start/restart/stop via systemctl; view logs via journalctl). However the SKILL.md and registry metadata do not mention that the implementation uses systemctl/journalctl or requires curl/python3, and the control.sh header refers to Telegram even though no Telegram integration is present. These omissions are inconsistent with the manifest.
! Instruction Scope
SKILL.md describes monitoring and control, including emergency stop; the shipped script implements these by invoking systemctl to stop/start/restart the go-trader service and journalctl to read logs. Those operations touch system services and system logs (beyond just HTTP queries to localhost). The instructions do not declare these actions or warn that the agent will need privilege to run them, nor do they limit when emergency actions may be invoked.
Install Mechanism
This is an instruction-only skill with a small shell script and no install spec; nothing is downloaded or installed by the skill itself, which is low risk. The script will run local commands when invoked.
! Credentials
The registry lists no required binaries or credentials, but control.sh requires curl, python3 (for json.tool), journalctl, and systemctl. It may also require elevated privileges (or membership in systemd/journal groups) to stop/start services and read logs. The manifest should declare these dependencies and the need for appropriate privileges; the absence is a proportionality mismatch.
! Persistence & Privilege
always is false (good), but the skill — if invoked — can perform high-privilege actions (systemctl stop/start/restart) and read system logs. Because autonomous invocation is allowed by default, the ability to halt trading is high impact. The skill does not request persistent presence, but its actions require system-level privileges that should be explicitly acknowledged and constrained.
What to consider before installing
This skill runs a local shell script that queries localhost:8099 and uses systemctl and journalctl to control and inspect the go-trader service. Before installing: (1) verify the skill's origin and review the control.sh contents yourself, (2) expect to need curl and python3 on PATH and sufficient permissions to run systemctl/journalctl (it may require root or group membership), (3) be cautious about allowing autonomous invocation — an agent could stop trading if triggered; prefer user-invocable only or require explicit confirmations, (4) test in a safe (paper-trading or staging) environment first, and (5) ask the publisher to update the manifest to declare required binaries and document privilege requirements and the apparent (but unused) Telegram note. If you cannot review or limit its privileges, do not install it on a production trading host.


License: MIT-0

go-trader Trading Bot Control

Control the go-trader cryptocurrency trading system through natural language commands.

Available Commands

Status & Monitoring

  • "What's my trading status?" → Check all positions and P&L
  • "Show my BTC position" → Get specific asset status
  • "Check trading health" → Verify go-trader is running
  • "View recent trades" → Display recent trading activity
  • "Show trading logs" → View system logs

Control Commands

  • "Enable momentum strategy" → Activate momentum trading
  • "Disable RSI strategy" → Pause RSI strategy
  • "Switch to paper trading" → Change to paper trading mode
  • "Switch to live trading" → Enable live trading (WARNING)

Risk Management

  • "Emergency stop all" → Immediately halt all positions
  • "Show risk status" → Display current risk metrics
  • "Reset trading state" → Clear and reset trading state

System Information

  • go-trader API: localhost:8099
  • Status endpoint: /status
  • Health endpoint: /health

Safety

  • Always confirm before enabling live trading
  • Default to paper trading mode
  • Emergency stop available for urgent situations
