Trading Research
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill for market data can send requested symbols and market-data queries to Binance public API endpoints.
The script fetches data from Binance over the network. This is disclosed and central to the market-data purpose, but users should know the skill contacts Binance APIs.
BASE_URL = "https://data-api.binance.vision" ... request.urlopen(url, timeout=10)
Use it for market research as intended and review any generated commands before running them, especially if adapting them beyond public market-data queries.
If a user supplies Binance API keys or follows these examples for live trading, the agent could help access account data or place/cancel orders.
The reference documentation includes authenticated Binance account and trading endpoints, even though the metadata declares no required credentials and the provided scripts do not show credential use.
Signed endpoints require... API Key... Place New Order POST /api/v3/order ... Cancel All Open Orders
Do not provide live Binance API keys unless you intentionally want that workflow; prefer testnet or read-only/scoped keys, disable withdrawals, and require explicit confirmation before any live order.
Users have less external information to verify who maintains the skill or where the code originated.
The skill has limited provenance information. No install-time commands or third-party package installs are shown, so this is a provenance notice rather than a material concern.
Source: unknown; Homepage: none
Review the included scripts before installation and prefer updates from a trusted publisher or repository when available.