Crypto Trading Bot

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: crypto-trading-bot
Version: 1.0.0

The skill bundle describes a service for developing crypto trading bots, which inherently involves high-risk financial operations and API integrations. However, the provided `_meta.json` and `SKILL.md` files contain no evidence of malicious intent, prompt injection attempts against the agent, or instructions for unauthorized actions. The `SKILL.md` clearly outlines the service's purpose, core functions, and usage flow, all of which are transparent and aligned with the stated goal of building trading bots. There are no hidden commands, data exfiltration attempts, or obfuscation present in the analyzed content.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A bot built or guided from these instructions could place unintended real trades and cause financial loss if safeguards are not added.

Why it was flagged

This describes webhook-triggered automatic trading across exchanges, but the artifact does not define human confirmation, order-size limits, paper-trading mode, rollback, or a kill switch.

Skill content
- Receive TradingView webhook signals
- Automatically execute buy/sell orders
- Support integration with multiple exchanges

Recommendation

Require explicit user approval before live trading, use paper trading or testnets first, set hard position and loss limits, and include a documented kill switch.

Concern (Medium Confidence)

ASI03: Identity and Privilege Abuse

What this means

If a user provides exchange credentials without strict limits, the agent or generated bot could trade with broad account authority.

Why it was flagged

Exchange automation normally requires API keys with trading permissions, but the supplied metadata declares no primary credential or required environment variables and the skill does not bound allowed API scopes.

Skill content
- Binance, Bybit, OKX API integration
- Spot/futures automation

Recommendation

Use least-privilege API keys, disable withdrawals, restrict IPs where possible, separate test and live keys, and document exactly which credentials are needed and how they are stored.