Binance Trade Hunter
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated Binance trading purpose, but it needs careful review because it asks for trading credentials, can place real market orders, and automatically uses local Telegram bot and chat settings.
Install only if you are comfortable giving the skill trading authority. Use a Binance subaccount with limited funds, no withdrawal permission, and IP restrictions; verify every trade before execution; explicitly configure the Telegram chat_id instead of relying on auto-discovery; and stop background services when not in use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: If the key is over-scoped, mishandled, or used unexpectedly, the agent can trade real funds, and credential compromise could cause financial loss.
Description: The skill requires credentials capable of trading on a Binance account. That authority is high impact, and the registry metadata declares no primary credential or required config path.
Evidence: "Ask the user for their Binance API Key and Ed25519 private key file path ... API Key must have Spot Trading permission enabled"
Recommendation: Use a Binance subaccount with no withdrawal permission, IP restrictions, and a small balance. The skill should declare these credentials in metadata and enforce least-privilege limits.
Finding 2
Impact: An accidental or misunderstood invocation could buy or sell cryptocurrency with real money.
Description: The trade executor directly submits signed Binance MARKET orders. The code shown executes the order for the passed symbol and amount without a visible built-in confirmation gate, maximum order size, or trading allowlist.
Evidence: params = {"symbol": symbol, "side": "BUY", "type": "MARKET", "quoteOrderQty": f"{usdt_amount:.2f}"} ... self.client._request("POST", "/api/v3/order", params=params, signed=True)
Recommendation: Require explicit per-order confirmation, show the exact symbol, side, and amount before execution, and add code-level safeguards such as a maximum order size, a dry-run mode, and an optional symbol allowlist.
Finding 3
Impact: Trading alerts or prompts could be sent to the wrong Telegram chat, potentially exposing activity or inviting unintended users to interact with the bot.
Description: When chat_id is not configured, the skill chooses the most recent private Telegram chat from bot updates, which may not be the current OpenClaw conversation or the intended recipient.
Evidence: Fallback: getUpdates API to find the most recent private chat_id ... url = f"https://api.telegram.org/bot{bot_token}/getUpdates" ... if chat.get("type") == "private": ... return cid
Recommendation: Require an explicit, verified chat_id for notifications or a trusted current-session value; avoid getUpdates auto-discovery for financial workflows.
Finding 4
Impact: Monitoring and Telegram pushes may continue until the user explicitly stops them.
Description: The skill discloses long-running pump alert and coin push services. They are purpose-aligned and user-started, but they persist beyond a single chat response.
Evidence: "Background services run as independent processes. Use service_status to check."
Recommendation: Start background services only when needed, periodically check service_status, and stop them when no longer desired.
Finding 5
Impact: Future dependency versions could change behavior or introduce vulnerable packages.
Description: The skill installs third-party packages using broad minimum-version ranges rather than pinned versions or a lockfile.
Evidence: python-binance>=1.0.19 ccxt>=4.0.0 websocket-client>=1.6.0 requests>=2.31.0
Recommendation: Pin dependency versions, provide a lockfile or hashes, and install in an isolated virtual environment.
