Skill v1.2.0
ClawScan security
Binance Dca · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:02 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code matches its stated purpose (a Binance DCA tool) but the package metadata and documentation are inconsistent and it gives insecure setup suggestions (e.g., persisting secrets in shell rc); review and fix these before trusting it with real API keys.
- Guidance
- What to consider before installing:
  - The code appears to do exactly what it says: call Binance (or a user-set BASE_URL) to check prices and balances, plan DCA schedules, and place orders. That requires BINANCE_API_KEY and BINANCE_SECRET_KEY plus a few standard CLI tools (curl, openssl, python3, grep/sed).
  - Inconsistency: the registry metadata did NOT declare the required environment variables or binaries. Treat that as a packaging/documentation bug: the skill will fail, or mislead you, if those variables are unset or the dependencies are missing.
  - Security cautions:
    - Use a dedicated Binance API key with only the permissions the skill needs (Spot trading only, no withdrawal permission) and enable the IP whitelist where possible; keep daily limits small while testing.
    - Avoid placing secrets in files that other users or processes can read. The SKILL.md demonstrates appending the keys to ~/.bashrc, which stores them on disk in clear text and exports them to every shell and process started from it; prefer a secrets manager or environment variables loaded from a file readable only by you.
    - Test first on the Binance testnet by pointing BINANCE_BASE_URL at the testnet URL and using testnet keys.
    - Review the script locally before running it. It signs requests locally and only contacts the configured BASE_URL; there are no hidden external endpoints in the code, but if you change BINANCE_BASE_URL you decide where the API key and the requests go.
  - Operational suggestions:
    - Ensure curl, openssl, python3 and the common unix utilities are installed and up to date.
    - Run the script in an isolated environment or container until you trust it, especially with real API keys.
  - What would change this assessment to benign: registry metadata that accurately lists the required env vars and binaries, and small fixes to SKILL.md that remove the insecure example (or recommend secure storage), would resolve the main inconsistencies. If you want, I can produce a minimal checklist of commands to safely test the skill on Binance testnet and an example of using a secrets manager instead of ~/.bashrc.
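A worked example of the two cautions above, keeping the keys out of ~/.bashrc and defaulting to the testnet, as added example code that is not the skill's own script. It assumes a KEY=VALUE credentials file at a path of our own choosing, the Spot testnet base URL https://testnet.binance.vision, and Binance's documented HMAC-SHA256 signature over the request's query string; the function names and the BINANCE_SECRETS_FILE / RECV_WINDOW variable names are ours. It needs only sh, openssl, ls and curl, the same tools the skill already depends on.

```shell
#!/bin/sh
# Added example, not the Binance DCA skill's code. Load API keys from a
# private file (never from ~/.bashrc), sign a request the way Binance
# expects (HMAC-SHA256 over the query string, via openssl) and default to
# the testnet so a typo cannot reach the production account.
set -eu

# ASSUMPTION: our own KEY=VALUE file holding BINANCE_API_KEY and
# BINANCE_SECRET_KEY. Create it with: umask 077; printf ... > "$SECRETS_FILE"
SECRETS_FILE="${BINANCE_SECRETS_FILE:-$HOME/.config/binance/credentials}"
# Spot testnet by default; set BINANCE_BASE_URL explicitly for production.
BASE_URL="${BINANCE_BASE_URL:-https://testnet.binance.vision}"

# 0 only if $1 is a regular file with no group/other permission bits
# (0600 or 0400). Parses ls(1) so it behaves the same on GNU and BSD
# userlands, which disagree on stat(1) flags.
secret_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Load the two keys into this process only. Nothing is appended to a shell
# rc file, so the clear-text copy never leaves the protected file.
load_secrets() {
    secret_file_is_private "$SECRETS_FILE" || {
        echo "refusing $SECRETS_FILE: must be a regular file with mode 0600" >&2
        return 1
    }
    # shellcheck disable=SC1090
    . "$SECRETS_FILE"
    [ -n "${BINANCE_API_KEY:-}" ] && [ -n "${BINANCE_SECRET_KEY:-}" ]
}

# Hex HMAC-SHA256 of query string $1 under secret $2, the 'signature'
# parameter Binance requires on signed endpoints. The sed strips the
# "(stdin)= " style prefix that differs between OpenSSL versions.
sign_query() {
    printf '%s' "$1" | openssl dgst -sha256 -hmac "$2" | sed 's/^.* //'
}

# Signed GET against $BASE_URL, e.g. signed_get /api/v3/account.
# timestamp is milliseconds; 'date +%s' plus "000" is portable and well
# inside the default recvWindow.
signed_get() {
    path="$1"
    ts="$(date +%s)000"
    query="timestamp=${ts}&recvWindow=${RECV_WINDOW:-5000}"
    sig=$(sign_query "$query" "$BINANCE_SECRET_KEY")
    curl -sS -H "X-MBX-APIKEY: $BINANCE_API_KEY" \
        "${BASE_URL}${path}?${query}&signature=${sig}"
}

# Only talk to the network when explicitly asked, so sourcing this file for
# its functions has no side effects.
if [ "${BINANCE_DCA_DEMO:-}" = "1" ]; then
    load_secrets
    signed_get /api/v3/account
fi
```

Run it as `BINANCE_DCA_DEMO=1 sh ./dca-signed.sh` after creating the credentials file with `umask 077` so it is born 0600; with a group- or world-readable file, `load_secrets` refuses to read it rather than silently using it. The same `sign_query` can be checked against the signing code in the skill's script: both must produce the same hex for the same query string and secret, which is a quick way to confirm the script signs locally and sends nothing beyond the configured BASE_URL.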
Review Dimensions
- Purpose & Capability
- note: The script implements Binance DCA functions (price, balance, buy, history, plan) and requires Binance API credentials, which matches the declared purpose. However, the registry metadata lists no required environment variables or binaries, even though the SKILL.md and scripts require BINANCE_API_KEY and BINANCE_SECRET_KEY and depend on curl, openssl, python3, grep/sed, and date.
- Instruction Scope
- note: SKILL.md limits actions to interacting with the Binance API (including testnet) and automation via cron. It instructs the user to export the API keys as environment variables and, as an example, to append them to ~/.bashrc, which persists the secrets on disk in clear text. The runtime instructions and script do not attempt to read unrelated system files or send data to any endpoint other than the configurable BINANCE_BASE_URL.
- Install Mechanism
- ok: There is no install spec; the skill is instruction-only plus a shell script. That minimizes installer risk because the skill itself downloads nothing external.
- Credentials
- concern: The code legitimately requires BINANCE_API_KEY and BINANCE_SECRET_KEY (and optionally BINANCE_BASE_URL/RECV_WINDOW), but the registry metadata does not declare these required env vars. The script also depends on system binaries (curl, openssl, python3, grep, sed) that are not declared. The number and type of credentials requested are proportional to the purpose, but the missing declarations are an inconsistency and a usability/security risk.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request elevated or persistent system-wide privileges. It does not modify other skills' configs. It does suggest adding environment variables to the shell rc file (a user action), which the skill itself does not perform.
