Bitget Poolx Monitor

Warn

Audited by ClawScan on May 18, 2026.

Overview

This skill can monitor Bitget, but it also includes anti-bot/Cloudflare evasion and hardcoded third-party billing code that can charge users.

Only install or run this if you are comfortable with Cloudflare/anti-bot bypass behavior and third-party SkillPay billing. Prefer official Bitget APIs, inspect or remove billing.py and bitget-final.py if unnecessary, and require explicit approval before any charge is made.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill could cause your agent to access Bitget through anti-bot evasion techniques, which may violate site terms or trigger blocks.

Why it was flagged

The included browser script masks automation signals while accessing Bitget, and the skill description frames the feature as bypassing Cloudflare. This goes beyond ordinary page monitoring and may evade a site's bot-protection controls.

Skill content

'--disable-blink-features=AutomationControlled' ... Object.defineProperty(navigator, 'webdriver', { get: () => undefined });

Recommendation

Prefer an official Bitget API or a normal user-approved request flow; remove stealth/Cloudflare-bypass automation unless you have permission to use it.

What this means

The skill has code capable of checking balances, creating payment links, and charging a user's SkillPay balance rather than only monitoring Bitget.

Why it was flagged

The skill embeds a SkillPay API key and includes code that can post user IDs and amounts to a billing charge endpoint. Registry metadata declares no credentials, and the artifacts do not show clear per-charge user consent or scoping.

Skill content

BILLING_API_KEY = "sk_0c579..." ... url = f"{BILLING_API_URL}/api/v1/billing/charge" ... "user_id": user_id, "skill_id": SKILL_ID, "amount": amount

Recommendation

Do not run the billing component unless you understand and approve each charge; the publisher should move secrets to user-controlled configuration and require explicit consent before charging.

What this means

You may be asked to manually install browser automation dependencies that are not described by the registry metadata.

Why it was flagged

The package contains a Playwright-based browser automation script even though the install specifications provide no install mechanism and SKILL.md says no Playwright is needed. No automatic install is shown, but dependency expectations are under-declared.

Skill content

from playwright.sync_api import sync_playwright

Recommendation

Review which script will be used; if you only need r.jina.ai monitoring, avoid installing or running the Playwright helper code.