Beetrade
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a purpose-aligned Beecli wrapper with explicit safeguards, but it can affect live trading/accounts and relies on a local Beetrade login and external CLI package.
Install this only if you trust Beetrade and the @beelabs/beetrade-cli npm package. Use read-only/status commands first, prefer paper or backtest modes, and approve live trading, deletes, account credential updates, orders, or schedules only after checking the exact command. Do not expose ~/.beecli/config.json or provide passwords in reusable shell history.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user confirms a risky command, it could start or stop live trading, delete resources, update account credentials, place orders, or alter schedules.
The skill can drive high-impact trading and account mutation commands, but it discloses them and requires user confirmation before execution.
Always require explicit user confirmation immediately before executing these actions: Any live trading start/stop command. Any delete command. Any command that updates account credentials. Any command that can place real orders or alter scheduled execution.
Review the exact command and impact before approving; prefer read-only, paper, or backtest operations unless you intentionally want live/account changes.
Anyone or anything that can access the Beecli session tokens may be able to act as the logged-in Beetrade user.
The integration relies on local Beetrade authentication/session material, which is sensitive account access even though it is expected for this CLI.
The CLI stores configuration in `~/.beecli/config.json`: `accessToken` - Authentication token; `refreshToken` - Token refresh credential; `email` - Logged in user email
Keep ~/.beecli protected, prefer the interactive login flow, avoid putting passwords directly in shell commands, and verify that outputs redact tokens.
The safety of actual command execution depends on the installed Beecli package, not only on the instruction file reviewed here.
The executable used by the skill is supplied by an external npm package, and the reviewed artifacts do not include that package's code.
node | package: @beelabs/beetrade-cli | creates binaries: beecli
Install only if you trust the @beelabs/beetrade-cli package and its publisher; consider checking the package version and provenance before use.