ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Exit Rule Drafter

v1.0.0

A rule-drafting skill that helps users define exit conditions in advance for their crypto positions. Use when the user wants to set pre-defined exit rules. P...

0· 69·0 current·0 all-time
byhaidong@harrylabsj

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for harrylabsj/crypto-exit-rule-drafter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Crypto Exit Rule Drafter" (harrylabsj/crypto-exit-rule-drafter) from ClawHub.
Skill page: https://clawhub.ai/harrylabsj/crypto-exit-rule-drafter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crypto-exit-rule-drafter

ClawHub CLI

Package manager switcher

npx clawhub@latest install crypto-exit-rule-drafter
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md describes a prompt-only rule-drafting helper with no integrations or credential needs. The bundled handler.py, however, attempts to load SKILL.md from a hardcoded, user-specific filesystem path (/Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md) and loads a prompt template — behavior that is not needed to draft exit rules and is disproportionate to the stated purpose.
!
Instruction Scope
The runtime instructions (SKILL.md) do not instruct reading any local files or accessing user home directories. The handler code nevertheless opens and reads a local SKILL.md path and returns a template; this is out-of-scope compared to the declared prompt-only workflow and could cause unintended local file reads.
Install Mechanism
There is no install spec (instruction-only), which is lowest-risk for installation. However, the package does include executable code files (handler.py) that will run when the skill is invoked. The absence of an install step reduces disk persistence risk but does not eliminate runtime filesystem access performed by the handler.
!
Credentials
The skill declares no required env vars or credentials (appropriate for a prompt-only drafter), yet the handler accesses a specific user's home-directory path directly. Requesting or reading arbitrary local files is disproportionate and effectively grants the skill access to local data without any justification in the description.
Persistence & Privilege
always is false and the skill does not declare system-wide changes or persistent installation behavior. Autonomous invocation is allowed (platform default) but does not combine with an 'always' flag or other privilege escalations here.
What to consider before installing
This skill is suspicious because its manifest/README says 'prompt-only' but the shipped handler.py reads a hardcoded, user-specific path (/Users/jianghaidong/.openclaw/skills/...). That could cause the skill to read local files unexpectedly. Before installing or enabling it: (1) ask the author why the handler reads that path and request removal or parameterization of the path (use relative paths or passed-in content instead), (2) review the handler.py yourself or run it in a sandboxed environment to confirm it doesn't access other files or exfiltrate data, (3) ensure the skill only uses data you explicitly supply, and (4) avoid granting it broad filesystem or credential access. If the author cannot justify the local file access or provide a corrected version, do not install it.

Like a lobster shell, security has layers — review code before you run it.

latestvk972deskrdraq4y761vzep9geh84yvnh
69downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
haidong@harrylabsj
latest
Download

crypto-exit-rule-drafter

A rule-drafting skill that helps users define exit conditions in advance for their crypto positions.

Workflow

  1. Ask about the current or planned position: asset, size, entry price, and thesis.
  2. Ask what would make this investment wrong: price drop, fundamental change, or time horizon.
  3. Draft two exit rules: a stop-loss level (downside exit) and a thesis-review level (fundamental exit).
  4. Make the rules concrete and written, not vague intentions.
  5. Set a review trigger and a consequence for when the rule is hit.

Output Format

  • Position summary
  • Downside exit rule (price or percentage level)
  • Fundamental exit rule (what must change)
  • Review trigger and date
  • Written commitment statement

Quality Bar

  • Rules are specific enough to actually trigger, not vague aspirational targets.
  • Separates emotional stopping from rule-based stopping.
  • Does not set stop-losses so tight that normal volatility triggers them.

Edge Cases

  • If the user has no clear thesis for the position, help them articulate one before drafting rules.
  • If the position is long-term and the user has high conviction, focus more on fundamental exit than price stops.

Compatibility

  • Prompt-only, no exchange or portfolio integration.
  • Works from user-provided position details.

Comments

Loading comments...