Skill v1.0.3
ClawScan security
Crypto Executor Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 2, 2026, 2:51 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (reading metrics, modifying executor.py, restarting the bot) matches its description, but several operational and security concerns — unpinned external downloads, persistence of Binance credentials, sudo restarts, and system-level changes — warrant careful review before installation.
- Guidance: This skill appears to implement the advertised optimizer, but it carries non-trivial operational risk. Before installing:
  1. Audit the remotely downloaded executor.py and the optional oracle code, and pin the download to a specific commit (or at least a tag) rather than fetching from the 'main' branch, whose contents can change between installs.
  2. Understand that setup persists your BINANCE_API_KEY and BINANCE_API_SECRET to /workspace/data/bot_config.env (chmod 600); run this only in an isolated environment you control.
  3. The skill requires sudo to restart a systemd service (or falls back to pkill and relaunching the bot), so verify you are comfortable granting that ability on the host.
  4. The scripts call pip install --break-system-packages; avoid this on shared hosts, or use a virtualenv instead.
  5. The regex-based in-place edits are brittle; review executor.py to confirm the patterns match the intended lines only and that the backups are actually written.
  6. Run the skill in a sandbox or dedicated VM, pin the external downloads, and test manually before enabling the cron automation.
Review Dimensions
- Purpose & Capability
  - note: The name and description match what the files implement: analyzing performance and modifying/restarting a trading executor. The required binaries (python3, bash, systemctl) and the use of cron are consistent with that purpose. Minor inconsistency: the registry metadata declares no required env vars, while SKILL.md and the setup scripts collect and persist BINANCE_API_KEY and BINANCE_API_SECRET during setup (they are needed but not declared in the registry).
- Instruction Scope
  - concern: The runtime instructions and scripts read performance files and executor.py, edit executor.py via regex, and restart the service; that is within the stated scope. However, the skill also instructs downloading external code from raw.githubusercontent.com (the unpinned 'main' branch), persists Binance credentials to /workspace/data/bot_config.env, and sources that file when restarting the bot. The modifications in apply_optimization.sh use regex replacements that may be brittle and could change unintended lines if the installed executor.py differs from the one the patterns were written for. The scripts also run pip install with --break-system-packages. Together these steps expand the attack and accident surface well beyond a simple analyzer.
- Install Mechanism
  - note: There is no formal install spec (instruction-only), but the setup scripts download executor.py and an optional oracle from raw.githubusercontent.com. Raw GitHub content is a known host (lower risk than an arbitrary IP), but the downloads target the 'main' branch rather than a pinned commit or tag, so the code fetched at install time can differ from the code that was reviewed, with no signal that it changed. No archive extraction occurs. The scripts also call pip install --break-system-packages, which can alter the host Python environment on shared systems.
- Credentials
  - concern: The skill collects and persists BINANCE_API_KEY and BINANCE_API_SECRET (reasonable for a trading bot) and, optionally, Telegram tokens. These credentials are not declared in the registry's required env list (the same inconsistency noted under Purpose & Capability). The credentials are stored on disk in /workspace/data/bot_config.env and sourced by the fallback restart paths; storing and sourcing secrets this way is functional but high-impact if the file or the host is compromised. No unrelated third-party credentials are requested.
- Persistence & Privilege
  - note: The skill does not force always:true. SKILL.md requests sudo/systemctl to restart a system service (uses_sudo: true) and falls back to pkill/nohup if systemd is not available. Installing a recurring cron job (via openclaw cron or the system crontab) gives it periodic execution. These privileges are consistent with restarting and automating a trading bot, but combined with the network downloads and credential persistence they increase the potential blast radius.
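The following is an added example, not the skill's own code and not part of the original scan, showing what guidance items 1, 2 and 5 (and the Install Mechanism and Instruction Scope concerns above) look like in practice: a download URL is accepted only if it is pinned to a full commit SHA and its SHA-256 matches a digest recorded at review time; the bot_config.env file is created with mode 0600 from the outset rather than chmod'ed afterwards; and a regex edit to executor.py is applied only when the pattern matches exactly one line, with a .bak copy and an atomic rename. The repository path, commit SHA, digest and executor.py contents are constructed placeholders.

```python
"""Hardened versions of three steps from the skill's setup flow (added example)."""
import hashlib
import os
import re
import shlex
import shutil
import stat
import tempfile
from pathlib import Path

RAW_URL = re.compile(r"https://raw\.githubusercontent\.com/[^/]+/[^/]+/([^/]+)/")


def is_pinned(url: str) -> bool:
    """Accept a raw.githubusercontent.com URL only if its ref is a full 40-hex commit SHA.
    Branch names such as 'main' and movable tags are rejected."""
    m = RAW_URL.match(url)
    return m is not None and re.fullmatch(r"[0-9a-f]{40}", m.group(1)) is not None


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Compare the downloaded bytes to a digest recorded when the code was reviewed."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


def write_secret_env(path: Path, values: dict) -> int:
    """Write KEY=value lines to an env file that is 0600 from creation.
    os.open's mode applies only to a newly created file, so fchmod also covers a
    pre-existing file with looser permissions.  Returns the resulting mode bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, "w") as f:
        for key, value in values.items():
            f.write(f"{key}={shlex.quote(value)}\n")  # shell-safe for `source`
    return stat.S_IMODE(path.stat().st_mode)


def apply_edit(path: Path, pattern: str, replacement: str) -> Path:
    """Apply a regex edit only when the pattern matches exactly once.
    Zero or several matches mean the file is not the version the pattern was
    written for, so it is left untouched.  A .bak copy is kept and the new
    content is written to a temp file and renamed into place atomically."""
    text = path.read_text()
    matches = list(re.finditer(pattern, text, flags=re.MULTILINE))
    if len(matches) != 1:
        raise ValueError(f"{path.name}: expected 1 match for {pattern!r}, found {len(matches)}")
    m = matches[0]
    new_text = text[: m.start()] + m.expand(replacement) + text[m.end():]
    backup = path.with_name(path.name + ".bak")
    shutil.copy2(path, backup)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".executor-")
    with os.fdopen(fd, "w") as f:
        f.write(new_text)
    shutil.copymode(path, tmp)
    os.replace(tmp, path)
    return backup


def demo() -> dict:
    """Exercise the three checks against a constructed executor.py in a scratch dir."""
    work = Path(tempfile.mkdtemp())
    executor = work / "executor.py"
    # Constructed stand-in for executor.py (assumption: one threshold per line).
    executor.write_text("import time\nTAKE_PROFIT_PCT = 1.5\nSTOP_LOSS_PCT = 1.0\n")
    original = executor.read_bytes()
    reviewed_digest = hashlib.sha256(original).hexdigest()  # recorded at review time

    unpinned = "https://raw.githubusercontent.com/example/bot/main/executor.py"
    pinned = "https://raw.githubusercontent.com/example/bot/" + "a" * 40 + "/executor.py"

    env_mode = write_secret_env(
        work / "bot_config.env",
        {"BINANCE_API_KEY": "k", "BINANCE_API_SECRET": "s'ecret"},
    )
    apply_edit(executor, r"^TAKE_PROFIT_PCT = [\d.]+$", "TAKE_PROFIT_PCT = 2.0")
    try:  # a pattern that matches both *_PCT lines must be refused
        apply_edit(executor, r"^\w+_PCT = [\d.]+$", "X = 0")
        ambiguous_refused = False
    except ValueError:
        ambiguous_refused = True

    return {
        "unpinned_ok": is_pinned(unpinned),
        "pinned_ok": is_pinned(pinned),
        "digest_ok": verify_sha256(original, reviewed_digest),
        "tampered_detected": not verify_sha256(original + b"# x\n", reviewed_digest),
        "env_mode": env_mode,
        "edited": executor.read_text(),
        "backup": (work / "executor.py.bak").read_text(),
        "ambiguous_refused": ambiguous_refused,
    }


if __name__ == "__main__":
    print(demo())
```

The "exactly one match" rule is the important part: the skill's sed-style replacement silently edits zero or many lines when executor.py drifts from the version the pattern targeted, whereas apply_edit refuses and leaves the file (and the bot) as it was. Pinning by commit SHA plus a recorded digest turns the 'main' download from "whatever is there today" into "the bytes that were reviewed".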
