Skillv1.0.21

ClawScan security

moss-trade-bot-factory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 19, 2026, 4:06 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files, instructions, and requested capabilities are consistent with a local-first trading-bot/backtest tool that optionally talks to a remote verification/trading platform when the user explicitly requests it — but it includes a default third‑party platform URL and network/shell permissions, so you should review and explicitly consent to any upload/live steps and the credentials file before using those features.
Guidance: This skill appears to do what it says: build strategies, run local backtests, and optionally upload or run live through a remote platform. Before using it: - Keep uploads and live trading disabled unless you deliberately choose them. The skill defaults to a third‑party platform URL (https://ai.moss.site); only provide your API credentials or call upload/live if you trust that endpoint or explicitly override it with a URL you control. - Inspect any agent_creds.json file (default ~/.moss-trade-bot/agent_creds.json) before handing it to the skill — it will contain api_key/api_secret that enable trading. The skill will use those keys for HMAC-authenticated requests when you request upload/live. - Network, shell, and filesystem permissions are required by the skill; running its Python scripts will execute code included in the bundle — if you did not obtain the code from a trusted source, consider reviewing the full repository (especially any truncated files) before running. - The packaged code uses CCXT and other Python packages (requirements.txt). If you install dependencies, prefer doing so in an isolated virtual environment. If you want stronger assurance, request the full, untruncated source for review and verify the platform operator and their privacy/security policy before enabling platform uploads or live trading.
Findings: [network-http-requests] expected: Multiple modules (trading_client, fetch_data, package_upload) perform HTTP requests. This is expected for fetching data from Binance and communicating with the verification/trading platform. [hmac-authentication] expected: trading_client implements HMAC signing for authenticated platform requests. This is expected for an API client that sends creds to a remote trading/verification service. [shell-filesystem-permissions] expected: skill.yaml lists shell/filesystem/network permissions; scripts use filesystem and may run commands — consistent with the skill's runtime instructions.

Review Dimensions

Purpose & Capability: okName/description match the artifacts: Python scripts implement parameter generation, backtesting, segmented evolution, packaging, and optional live/upload clients. Required binary is python3 only, which is appropriate for a Python-based trading tool. Included data CSV, requirements.txt, and modules (core/*) are expected.
Instruction Scope: noteSKILL.md instructs the agent to read local knowledge files, write/read /tmp JSONs and run the included Python scripts to fetch data, run backtests, evolve parameters, and optionally upload or run live. That scope matches the stated purpose. Important operational points are explicit (stop-for-confirm at specific checkpoints). There's no instruction in SKILL.md or visible scripts to scan unrelated system credentials or environment variables.
Install Mechanism: okNo install spec — instruction-only plus bundled Python scripts. This is low-risk compared to downloading/executing remote installers. The shipped code will be executed locally by Python, which is expected for this skill.
Credentials: noteThe skill requests no environment variables and uses a local credentials file (default ~/.moss-trade-bot/agent_creds.json) for platform API keys. That is proportionate to optional upload/live behavior. However, the skill has a default platform URL (https://ai.moss.site) baked into SKILL.md and config; if you use upload/live features you will be sending credentials to an external service chosen by the skill or to whatever --platform-url you pass — review/trust that endpoint before proceeding.
Persistence & Privilege: okalways:false and no indication the skill modifies other skills or global agent settings. It reads/writes local files (params, /tmp fingerprints/results, optional upload package) which is expected. The skill has network and shell permissions in its metadata, which are coherent with its optional remote-upload and fetch-data features.