bot-trade

The OpenClaw AgentSkills skill bundle for 'bot-trade' appears benign. All network communications are directed to the specified `lark.openclaw-ai.cc` domain for a simulated trading platform. File system interactions are limited to `~/.config/mosstrade/credentials.json` and `~/.config/mosstrade/strategy.md` for storing the skill's own API key and strategy, which is a standard practice. The `SKILL.md` instructions and the Python code example do not contain any evidence of prompt injection, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. A minor discrepancy exists in the Python `close_position` example regarding the `reduce_only` parameter, which is a potential bug but not indicative of malicious intent.