Binance Fiat
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This Binance skill is purpose-aligned, but it can automatically find and use local Binance credentials for sensitive financial API calls with unclear confirmation boundaries.
Only install this if you intentionally want OpenClaw to access your Binance fiat account. Use a dedicated, least-privilege Binance API key, keep withdrawals disabled unless absolutely necessary, enable IP restrictions, store the key only in an explicit Binance secrets file, and require the agent to show and confirm every signed request before it runs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1

If used with an over-permissioned Binance key, the agent may be able to view sensitive financial history or initiate money-moving actions.
The skill gives the agent authenticated access to Binance fiat withdrawal/deposit and user-data endpoints using the user's API key and secret.
Evidence (quoted from SKILL.md): `/sapi/v2/fiat/withdraw` (POST) | Fiat Withdraw(WITHDRAW) ... Authentication | Yes ... Required credentials: `apiKey` ... `secretKey`
Recommendation: Use a dedicated Binance API key with the minimum permissions needed, disable withdrawals unless absolutely required, enable IP whitelisting, and require explicit review before every signed or POST request.
Finding 2

The agent could make authenticated Binance requests before the user has reviewed the exact endpoint, parameters, and account being used.
The instructions permit automatic credential use and signed HTTP requests without confirmation, which is risky for a financial API even though another section asks for confirmation for mainnet transactions.
Evidence (quoted from SKILL.md): The agent will try to retrieve automatically ... the credentials ... The agent can also make http requests with the two first methods without user confirmation.
Recommendation: Require the agent to show the endpoint, parameters, credential source, and expected effect, then ask for explicit confirmation before any authenticated Binance call.
Finding 3

A generic .env file could be read and misused as Binance credentials, or the wrong Binance account could be selected.
The credential-discovery instructions search common secret files and can interpret the first two lines of a .env file as Binance credentials, which may accidentally use unrelated local secrets.
Evidence (quoted from SKILL.md): Check `~/.openclaw/secrets.env`, `~/.env`, or a `.env` file in the workspace ... else ... Treat lines as raw values
Recommendation: Store Binance credentials only in a dedicated file such as `~/.openclaw/secrets.env` with explicit `BINANCE_API_KEY` and `BINANCE_SECRET_KEY` names, and avoid raw-line fallback parsing.
Finding 4

The user may not know which local credential file or Binance account the agent used.
Because the skill also searches multiple local credential locations automatically, hiding which file was used reduces user transparency and auditability.
Evidence (quoted from SKILL.md): Never disclose the location of the API key and secret file.
Recommendation: The agent should never reveal secret values, but it should disclose the credential source location, or at least the source type/account label, when the user asks.
Finding 5

It may be harder to confirm exactly which version of the Binance instructions you are installing.
The registry provenance and version do not fully line up with the SKILL frontmatter, which matters more for a skill that handles financial credentials.
Evidence: Source: unknown; Registry metadata Version: 1.0.0; SKILL.md metadata: version: 1.1.0
Recommendation: Verify the skill against the linked Binance GitHub source and confirm the intended version before using real API credentials.
