Crypto Trading Bot

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is coherent, but it targets automated crypto trading that can place real orders through exchange APIs without defining credential scopes, confirmations, spending limits, or safe testing controls.

Review carefully before using for live trading. Do not share exchange secrets in chat unless the workflow clearly needs them, and prefer testnet or paper trading first. If you proceed, use least-privilege API keys with withdrawals disabled, hard spending and loss limits, explicit approvals for live orders, logging, and a kill switch.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A bot built or guided from these instructions could place unintended real trades and cause financial loss if safeguards are not added.

Why it was flagged

This describes webhook-triggered automatic trading across exchanges, but the artifact does not define human confirmation, order-size limits, paper-trading mode, rollback, or a kill switch.

Skill content

- Receive TradingView webhook signals
- Automatically execute buy and sell orders
- Supports integration with multiple exchanges

Recommendation

Require explicit user approval before live trading, use paper trading or testnets first, set hard position and loss limits, and include a documented kill switch.

Concern
Medium Confidence

ASI03: Identity and Privilege Abuse

What this means

If a user provides exchange credentials without strict limits, the agent or generated bot could trade with broad account authority.

Why it was flagged

Exchange automation normally requires API keys with trading permissions, but the supplied metadata declares no primary credential or required environment variables and the skill does not bound allowed API scopes.

Skill content

- Binance, Bybit, OKX API integration
- Spot/futures automation

Recommendation

Use least-privilege API keys, disable withdrawals, restrict IPs where possible, separate test and live keys, and document exactly which credentials are needed and how they are stored.