Skill v1.0.0
ClawScan security
Binance Dca Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:02 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code matches a Binance DCA tool, but the package metadata omits required API credentials and the runtime instructions contain contradictory and risky guidance (e.g., embedding keys in cron), so the bundle is internally inconsistent and requires caution.
- Guidance: This bundle contains a straightforward Binance DCA shell script, but there are important red flags you should address before using it:
  1. The registry metadata fails to declare required credentials — the script needs BINANCE_API_KEY and BINANCE_SECRET_KEY; do not rely on metadata alone.
  2. Never put API keys directly into cron command lines or source-controlled files: that exposes them in shell history, process lists, and logs. Use a secure vault or environment injection mechanism, and prefer ephemeral/testnet keys when trying the tool.
  3. Ensure any API key used has the minimum permissions (e.g., ENABLE_TRADING but NOT WITHDRAWALS) and enable IP whitelist where possible.
  4. Verify BINANCE_BASE_URL is not set to an untrusted endpoint before running (the tool will send signed requests to whatever BASE_URL is provided).
  5. Review the included scripts locally before executing; confirm the signing (openssl HMAC) and curl calls behave as expected.
  6. Ask the publisher (or require an updated package) to fix the metadata to declare the required credentials and to remove or replace the insecure cron example.
  If you cannot validate the source and correct these issues, treat the skill as risky and avoid granting it secrets or running it on production accounts.
Review Dimensions
- Purpose & Capability (concern): The script and SKILL.md clearly require BINANCE_API_KEY and BINANCE_SECRET_KEY to perform Binance account actions, but the registry metadata declares no required env vars or primary credential. That mismatch is incoherent — a Binance trading tool legitimately needs API credentials and should declare them.
- Instruction Scope (concern): SKILL.md and the included script stay within Binance trading scope (price, balance, buy, history, plan), but the documentation contradicts itself: it advises 'Never store credentials' while showing a cron example that places API keys inline in the cron command. The doc also suggests using 'OpenClaw cron' for agent-managed scheduling (which may cause the agent to store scheduling config) without clarifying how secrets are protected. No instructions request unrelated files, but the cron example risks exposing secrets.
- Install Mechanism (note): There is no install spec (instruction-only with an included shell script), which minimizes install risk. The script will be written to disk as provided by the skill bundle; there is no external download or opaque installer. Review the included script before running.
- Credentials (concern): The script requires sensitive credentials (BINANCE_API_KEY, BINANCE_SECRET_KEY) but the skill metadata lists none; this omission prevents automated vetting of required secrets. The SKILL.md also suggests embedding keys directly in cron (exposes secrets to process lists/logs) and recommends agent-managed scheduling without explaining secret handling. The skill permits overriding BASE_URL, which is legitimate for testnet but could be misused if set to a malicious endpoint.
- Persistence & Privilege (ok): `always` is false and the skill does not request system-wide privileges or modify other skills. It does not claim permanent/global presence; autonomous invocation remains at the platform default.
