Crypto Trading Bot
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bot built or guided from these instructions could place unintended real trades and cause financial loss if safeguards are not added.
This describes webhook-triggered automatic trading across exchanges, but the artifact does not define human confirmation, order-size limits, paper-trading mode, rollback, or a kill switch.
- 接收TradingView webhook信號 - 自動執行買賣指令 - 支持多交易所對接
Require explicit user approval before live trading, use paper trading or testnets first, set hard position and loss limits, and include a documented kill switch.
If a user provides exchange credentials without strict limits, the agent or generated bot could trade with broad account authority.
Exchange automation normally requires API keys with trading permissions, but the supplied metadata declares no primary credential or required environment variables and the skill does not bound allowed API scopes.
- Binance, Bybit, OKX API 對接 - 現貨/合約自動化
Use least-privilege API keys, disable withdrawals, restrict IPs where possible, separate test and live keys, and document exactly which credentials are needed and how they are stored.