Funding Rate Trader

What to consider before installing: - This skill will perform real trades on Binance if you provide API credentials; it is not read-only. The code calls Binance (public endpoints for scanning) and uses ccxt to place futures orders, set leverage, and create stop-loss/take-profit orders. - The registry metadata does NOT declare that a Binance API key/secret is required, but SKILL.md and the code clearly require a local file: ~/.openclaw/secrets/binance.json. Treat that omission as a serious disclosure mismatch — verify requirements before supplying credentials. - If you decide to use it, follow safety steps: - Use an API key with minimal permissions (enable trading for futures if needed, but DO NOT enable withdrawals). - Consider using a Binance subaccount or a small test account with limited funds. - If possible, apply IP whitelisting to the API key and restrict permissions to those strictly needed. - Store the secrets file with restrictive filesystem permissions (chmod 600) and avoid storing keys in shared locations. - Review/understand the createOrder, setLeverage, and stop-order code paths; test on Binance testnet first. - Install dependencies (Node.js, ccxt) in an isolated environment (container or VM) so code cannot affect other systems. - What would change this assessment: if the registry metadata were corrected to declare the required config path and primary credential, and if a clear dependency/install spec were provided, the package would be coherent and likely classed as benign (still risky because it executes trades). Right now the missing disclosure is the main reason this is flagged as suspicious.