Binance DCA Test
v0.0.1Binance Dollar-Cost Averaging (DCA) tool for automated and manual recurring crypto purchases. Use when the user wants to plan DCA strategies, execute recurring buys on Binance, check DCA projections, view trade history, or manage a systematic buying schedule for any trading pair (BTC/USDT, ETH/USDT, etc). Triggers on requests about DCA, recurring buys, cost averaging, accumulation strategies, or Binance spot purchases.
⭐ 0· 1.4k·0 current·0 all-time
by@fpsjago
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The stated purpose (Binance DCA) legitimately requires Binance API credentials and network calls to the Binance API. However the skill metadata declares no required environment variables or binaries while the SKILL.md explicitly requires BINANCE_API_KEY and BINANCE_SECRET_KEY and presumes a scripts/dca.sh script. That mismatch (no code files, no declared env) is inconsistent.
Instruction Scope
SKILL.md tells the agent/user to run bash scripts (scripts/dca.sh) for price, plan, buy, history, balance and to set env vars. Yet there are no code files in the skill bundle — the instructions reference local scripts that do not exist in the package. The instructions also include an insecure cron example that embeds API keys inline, and suggest using OpenClaw cron for agent-managed scheduling (which implies persistent access to credentials).
Install Mechanism
There is no install specification (instruction-only), which by itself is low-risk. But because the instructions expect local scripts to exist, the absence of any code or install steps is a substantive coherence problem: either the package is incomplete or it expects external artifacts not provided by the skill.
Credentials
Requesting Binance API key and secret is appropriate for a Binance trading tool, but the registry metadata did not declare these required env vars. The SKILL.md both warns 'Never store credentials' and then demonstrates embedding keys directly in a cron line — a contradictory and insecure recommendation. The skill does not state the minimal API permissions required (e.g., trading but not withdrawals) or recommend IP whitelisting.
Persistence & Privilege
The skill is not marked always:true, so it won't be forced into every agent run. However SKILL.md explicitly recommends scheduling recurring buys via cron or 'OpenClaw cron' (agent-managed scheduling). If the agent is granted persistent scheduling and stored credentials, that increases risk (autonomous recurring trades). The metadata does not clarify how scheduling or credential storage would be handled.
What to consider before installing
Do not install or run this skill as-is. Key issues: (1) the SKILL.md expects scripts (scripts/dca.sh) that are not included — ask the publisher for the missing code or a reference to a trusted repo; (2) the metadata does not declare the BINANCE_API_KEY and BINANCE_SECRET_KEY even though the runtime requires them — this mismatch is a red flag about quality/trust; (3) the cron example shows embedding API keys inline (insecure) and the doc suggests agent-managed scheduling, which would let the agent perform autonomous buys if it stores credentials. Before proceeding, request from the publisher: the source code or a trustworthy homepage, an install spec or included scripts, an explicit list of required env vars declared in metadata, and a clear statement of the minimum Binance API permissions needed (recommend trade-only, no withdrawal), plus guidance on secret storage (use secrets manager or OS-level protected env, do not paste keys into crontab). Always test with a testnet key (BINANCE_BASE_URL=https://testnet.binance.vision) and with tightly-scoped API keys and IP whitelisting. If the publisher cannot provide these, treat the skill as incomplete/untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk977wat0pajepzakr5ff5vve4180kj9s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.