Skill v2.3.4

ClawScan security

Crypto Executor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Mar 1, 2026, 5:45 PM)
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with a Binance trading bot: it asks only for Binance API credentials and Python, instructs installing and running the provided code, and documents its external dependencies and telemetry (Telegram). Because it trades real funds, it still warrants caution: audit and pin the code, avoid system-wide pip flags, and verify the external oracle before enabling it.
Guidance
This skill appears to be what it says (a Binance trading bot), but it operates on real money. Review these points before installing:

- Audit and pin code: review executor.py and any external repo (crypto-sniper-oracle) and install a specific commit/tag rather than cloning HEAD.
- Credentials: create a Binance API key with only the permissions you need (Spot Trading only). Ensure Withdrawals and unnecessary permissions are disabled and prefer IP whitelisting. Treat the API secret as highly sensitive.
- Test first: run on Binance testnet or with a very small allocation before trusting live funds.
- Avoid --break-system-packages: prefer a virtualenv (python3 -m venv ...) instead of pip install --break-system-packages to avoid altering system packages.
- External subprocesses: the oracle is executed as a subprocess; audit it for unexpected network calls or file writes before enabling.
- Persistence: the bot writes learned_config.json and performance_metrics.json; back these up if you care about continuity and be aware that reinstalling can overwrite them.
- Systemd/service: follow least-privilege practices (run as a non-root user, keep the credentials file protected) and monitor logs closely.

If you want a safer install, request a short checklist of concrete audit points (specific files/lines to inspect) and/or ask for a diff of any changes made by the installation steps.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (autonomous Binance trading) match the requested artifacts: python3, BINANCE_API_KEY and BINANCE_API_SECRET, optional Telegram tokens, and a sizeable executor.py. The external subprocess oracle is optional and documented. Nothing requested appears unrelated to trading.
Instruction Scope
Status: note
SKILL.md instructs cloning the GitHub repo, installing websocket-client, creating /workspace directories, sourcing /etc/crypto-executor/credentials.env, and running executor.py. It explicitly documents the files the bot writes (portfolio_state.json, learned_config.json, etc.). It also calls an optional external script via subprocess; the README/SKILL.md warns to audit that code. No instructions were found that read unrelated system secrets or exfiltrate to unexpected endpoints, but the skill does write persistent files and will make network calls to Binance and optionally Telegram.
Install Mechanism
Status: note
This is instruction-only (no packaged installer). The recommended install actions are git clone + pip install websocket-client. The SKILL.md suggests using pip with --break-system-packages on shared hosts, which can modify system packages and is risky; the doc also recommends using a virtualenv on a VPS (safer). The external dependency is a GitHub repo cloned at runtime (optional), which is acceptable but requires auditing.
Credentials
Status: ok
Only BINANCE_API_KEY and BINANCE_API_SECRET are required (primary credential declared). TELEGRAM_* vars are optional and justified for alerts. Optional risk-limit env vars are relevant configuration, not extraneous secrets. No unrelated credentials or broad system tokens are requested.
Persistence & Privilege
Status: note
always: false (no forced inclusion). The skill persists state under /workspace and provides systemd service instructions to run continuously; that is expected for a trading bot. The service guidance suggests placing credentials in /etc/crypto-executor with chmod 600, a reasonable recommendation. The combination of autonomous execution and real-money trading is high-impact, so users should be careful about keys and service configuration.