Binance Dca
Status: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Binance DCA purpose, but it can place real crypto trades and contains an argument-injection code execution risk that should be fixed before use.
Do not use this with a live Binance account until the input-injection issue is fixed and you are comfortable with the trading authority. Start on testnet, use a dedicated restricted API key with withdrawals disabled and IP allowlisting, require manual confirmation for live buys, set small spending limits, and carefully monitor or disable any cron-based recurring schedule.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed DCA planning request could make the local environment run commands unrelated to Binance planning.
The plan action inserts user-controlled amount, period, and frequency values directly into a Python command string without numeric validation or argv escaping, so crafted quotes could execute unintended Python or OS commands on the agent host.
python3 -c "... amount = float('${amount}') ... periods = int('${periods}') ... freq = int('${frequency}') ..."
Validate all numeric inputs before use and pass values to Python as argv or environment variables instead of interpolating them into a python -c string.
If invoked incorrectly or too broadly, the agent could spend real Binance funds or create persistent limit orders.
The buy action submits a live Binance order using supplied arguments immediately; the artifact does not show a human confirmation gate, dry-run default, spend cap, symbol allowlist, or other containment before financial mutation.
query="symbol=${symbol}&side=BUY&type=${type}&quoteOrderQty=${amount}" ... resp=$(api_signed "POST" "/api/v3/order" "$query")
Require explicit user confirmation for each live order, default to testnet or dry-run for new users, validate symbols, order types and prices, and add configurable maximum spend limits.
A trading API key can access balances/history and place trades, so misuse can cause financial loss even without withdrawal permission.
The skill asks for trading-capable Binance credentials. That is expected for live DCA buys, but it is high-impact authority, the registry declares no primary credential/env vars, and the artifacts do not limit the key's use to particular assets or amounts.
**Restrictions:** Enable **Spot & Margin Trading** only ... export BINANCE_API_KEY="your-api-key-here" ... export BINANCE_SECRET_KEY="your-secret-key-here"
Use a dedicated Binance key with withdrawals disabled, avoid margin permissions if not needed, enable IP allowlisting, keep amounts small, and have the skill metadata declare the required credential clearly.
An unintended schedule could keep buying until the cron job or external automation is disabled.
Recurring automation is disclosed and aligned with a DCA tool, but a wrong amount, symbol, or schedule can repeat financial actions over time if not monitored or stopped.
OpenClaw Integration — automate DCA buys via cron jobs with alerts
Only create schedules deliberately, document how to stop them, monitor executions, and set spending limits outside the skill where possible.
Users may not realize before installation that the skill needs trading credentials and local tooling.
For a financial trading skill, the provenance and dependency/credential contract are under-declared, even though the included script requires Binance credentials and local command-line tools.
Source: unknown; Homepage: none; Required env vars: none; Primary credential: none; Required binaries: none
Declare required tools and environment variables in metadata, provide a verifiable source/homepage, and review the included script before enabling it.
