suspicious.exposed_secret_literal
- Location
- SKILL.md:180
- Finding
- File appears to expose a hardcoded API secret or token. Confirm whether the literal at that line is a documentation placeholder or a real key; a real key committed to a skill file should be treated as compromised and revoked in Binance, not just deleted from the file.
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.exposed_secret_literal
Artifact-based, informational review of SKILL.md, its metadata, install specs, static-scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so the findings below describe what the instructions permit, not observed behaviour.
If used with an over-permissioned Binance key, the agent may be able to view sensitive financial history or initiate money-moving actions.
The skill gives the agent authenticated access to Binance fiat withdrawal/deposit and user-data endpoints using the user's API key and secret.
`/sapi/v2/fiat/withdraw` (POST) | Fiat Withdraw(WITHDRAW) ... Authentication | Yes ... Required credentials: `apiKey` ... `secretKey`
Use a dedicated Binance API key with only the permissions the task needs (leave withdrawals disabled unless they are absolutely required), restrict the key to an IP allowlist, and require explicit review before every signed or POST request.
The agent could make authenticated Binance requests before the user has reviewed the exact endpoint, parameters, and account being used.
The instructions permit automatic credential retrieval and signed HTTP requests without confirmation. That is risky for a financial API, and the separate section that asks for confirmation only covers mainnet transactions, not these authenticated calls.
The agent will try to retrieve automatically ... the credentials ... The agent can also make HTTP requests with the first two methods without user confirmation.
Require the agent to show the endpoint, parameters, credential source, and expected effect, then ask for explicit confirmation before any authenticated Binance call.
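A confirmation gate of the kind the recommendation above asks for, written here as an added example rather than code from the skill or from ClawScan: before anything is signed it renders the endpoint, the parameters, the credential source (with a masked key, never the secret) and the expected effect, and it only produces a signed request once the caller passes the user's confirmation. The signing follows Binance's documented scheme for signed endpoints (HMAC-SHA256 over the urlencoded parameters, API key in the `X-MBX-APIKEY` header); the endpoint classification table, the `creds` dictionary layout, the function names and the sample parameter names are assumptions of this example, not the endpoint's real parameters.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Hypothetical review gate for an agent that holds Binance credentials.
# The classification table is this example's assumption, seeded from the one
# withdraw endpoint the SKILL.md table quotes; extend it from the real table.
MONEY_MOVING = {("POST", "/sapi/v2/fiat/withdraw")}
BASE_URL = "https://api.binance.com"


def classify(method: str, path: str) -> str:
    """Expected effect shown to the user. Unknown POSTs are treated as
    money-moving so a missing table entry fails closed, not open."""
    if (method, path) in MONEY_MOVING:
        return "money-moving: initiates a fiat withdrawal"
    if method == "GET":
        return "read-only: reveals account or fiat transaction data"
    return "state-changing: unclassified POST, treated as money-moving"


def sign_query(params: dict, secret_key: str) -> str:
    """Binance's documented signed-endpoint scheme: HMAC-SHA256 over the
    urlencoded parameters (timestamp included), hex digest appended as
    `signature`. The API key travels in X-MBX-APIKEY and is never signed."""
    query = urlencode(params)
    sig = hmac.new(secret_key.encode(), query.encode(), hashlib.sha256).hexdigest()
    return f"{query}&signature={sig}"


def review_card(method: str, path: str, params: dict, source: str, api_key: str) -> str:
    """Everything the user needs to approve the call: endpoint, parameters,
    where the credential came from plus a masked key, and the effect.
    The secret key never appears here."""
    shown = ", ".join(f"{k}={v}" for k, v in params.items()) or "(none)"
    return "\n".join([
        f"Request   : {method} {BASE_URL}{path}",
        f"Parameters: {shown}",
        f"Credential: {api_key[:4]}...{api_key[-4:]} from {source}",
        f"Effect    : {classify(method, path)}",
    ])


def prepare_request(method, path, params, creds, confirmed=False, now_ms=None):
    """Gate every signed call. Without `confirmed` only the card is returned;
    nothing is signed, so no credential has been exercised yet. `creds` is
    assumed to carry api_key, secret_key and the source path it was read from."""
    card = review_card(method, path, params, creds["source"], creds["api_key"])
    if not confirmed:
        return {"status": "awaiting_confirmation", "card": card}
    ts = now_ms if now_ms is not None else int(time.time() * 1000)
    signed = sign_query(dict(params, timestamp=ts), creds["secret_key"])
    return {"status": "ready", "card": card, "method": method,
            "url": f"{BASE_URL}{path}?{signed}",
            "headers": {"X-MBX-APIKEY": creds["api_key"]}}


if __name__ == "__main__":
    # Constructed sample credentials and a placeholder parameter, not real values.
    creds = {"api_key": "AAAA1234BBBB", "secret_key": "s3cr3t",
             "source": "~/.openclaw/secrets.env"}
    first = prepare_request("POST", "/sapi/v2/fiat/withdraw", {"amount": "100"}, creds)
    print(first["card"])          # shown to the user; nothing signed yet
    ready = prepare_request("POST", "/sapi/v2/fiat/withdraw", {"amount": "100"},
                            creds, confirmed=True)
    print(ready["method"], ready["url"][:60] + "...")
```

The gate is deliberately two calls: the first returns only the card, and the agent has to come back with `confirmed=True` after the user has seen that exact card, so a changed endpoint or amount cannot ride on an earlier approval.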
A generic .env file could be read and misused as Binance credentials, or the wrong Binance account could be selected.
The credential-discovery instructions search common secret files and, when no named keys are found, treat the first two lines of a .env file as the API key and secret, so unrelated local secrets can be picked up and used as Binance credentials.
Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace ... else ... Treat lines as raw values
Store Binance credentials only in a dedicated file such as `~/.openclaw/secrets.env` under the explicit names `BINANCE_API_KEY` and `BINANCE_SECRET_KEY`, drop the raw-line fallback parsing, and have the agent stop and ask when those names are absent rather than guess.
The user may not know which local credential file or Binance account the agent used.
Because the skill also searches multiple local credential locations automatically, hiding which file was used reduces user transparency and auditability.
Never disclose the location of the API key and secret file.
The agent should never reveal secret values, but it should disclose the credential source location, or at least the source type and account label, whenever the user asks.
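A strict loader in the shape the two recommendations above describe, covering both the naming rule and the disclosure rule: it accepts only the named keys, never falls back to treating raw lines as credentials, and records the source path so the agent can say where the key came from without showing the secret. This is an added example, not code from the skill or from ClawScan; the search order is the one the skill's own instructions list, while the function names, the `export`-tolerant KEY=VALUE grammar and the constructed sample files are this example's assumptions.

```python
import re
import tempfile
from pathlib import Path
from typing import Optional

# Hypothetical loader illustrating the recommendation: named keys only, a
# fixed search order, and no positional fallback on unnamed lines.
REQUIRED = ("BINANCE_API_KEY", "BINANCE_SECRET_KEY")
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines. Comments, blank lines and lines without '='
    are ignored; matching single or double quotes around a value are
    stripped. A bare token on its own line is NOT treated as a credential."""
    out = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2)
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        out[key] = val
    return out


def candidate_files(home: Path, workspace: Path) -> list:
    """Same locations, in the order the skill's instructions list them."""
    return [home / ".openclaw" / "secrets.env", home / ".env", workspace / ".env"]


def load_binance_credentials(home: Path, workspace: Path) -> Optional[dict]:
    """Return api_key, secret_key and the source path from the first file that
    defines BOTH named keys, else None. A file holding unrelated secrets
    (or two unnamed lines) is skipped instead of being misread as Binance
    credentials; the caller should then ask the user, not guess."""
    for path in candidate_files(home, workspace):
        if not path.is_file():
            continue
        env = parse_env(path.read_text(encoding="utf-8"))
        if all(env.get(k) for k in REQUIRED):
            return {"api_key": env["BINANCE_API_KEY"],
                    "secret_key": env["BINANCE_SECRET_KEY"],
                    "source": str(path)}
    return None


def describe(creds: dict) -> str:
    """What the agent may tell the user: the source location and a masked
    key prefix/suffix, never the secret."""
    k = creds["api_key"]
    return f"Binance key {k[:4]}...{k[-4:]} loaded from {creds['source']}"


def demo() -> dict:
    """Constructed sample files (not from the page): a generic ~/.env that
    must be skipped, then a workspace .env that uses the explicit names."""
    with tempfile.TemporaryDirectory() as d:
        home, ws = Path(d) / "home", Path(d) / "ws"
        (home / ".openclaw").mkdir(parents=True)
        ws.mkdir()
        (home / ".env").write_text("DATABASE_URL=postgres://db\nJWT_SECRET=notbinance\n")
        skipped = load_binance_credentials(home, ws)   # None: names absent
        (ws / ".env").write_text(
            "# constructed sample\nexport BINANCE_API_KEY='AAAA1234BBBB'\n"
            'BINANCE_SECRET_KEY="s3cr3t"\n')
        creds = load_binance_credentials(home, ws)
        return {"skipped": skipped, "creds": creds,
                "summary": describe(creds), "expected_source": str(ws / ".env")}


if __name__ == "__main__":
    print(demo()["summary"])
```

Skipping a file that lacks the named keys is the point: with the skill's raw-line fallback the constructed `~/.env` above would have been read as a Binance key and secret and sent to the API.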
It may be harder to confirm exactly which version of the Binance instructions you are installing.
The registry provenance and version do not match the SKILL.md frontmatter, which matters more for a skill that handles financial credentials.
Source: unknown; registry metadata version: 1.0.0; SKILL.md metadata version: 1.1.0
Verify the skill against the linked Binance GitHub source and confirm the intended version before using real API credentials.