Back to skill

Security audit

Binance Trading Agent Openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Binance futures trading skill, but it gives an agent high-impact authority to place leveraged trades with weak runtime safeguards and incomplete risk disclosure.

Install only if you understand it can place leveraged Binance futures orders. Keep FUTURES_TESTNET enabled unless you deliberately accept live trading risk, use restricted/testnet API keys, disable shell access if possible, avoid logging secrets or full account responses, and add explicit human confirmation and position/leverage limits before connecting it to a production account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The configuration enables unrestricted shell execution for an automated trading agent even though the stated purpose is Binance futures trading, which does not inherently require arbitrary OS command execution. If the agent is prompt-influenced, compromised, or misused, shell access can be leveraged to run destructive commands, exfiltrate credentials, alter trading logic, or pivot beyond the intended trading scope.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly describes live trade execution on Binance futures and mandates logging all API responses and trade decisions to memory without warning about real-money consequences or the risk of recording sensitive data. In this context, logs may capture account identifiers, balances, order details, and potentially credential-adjacent information, while the default behavior could still enable real financial loss if testnet configuration is changed or misunderstood.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to place real Binance API credentials into the config and run an automated futures trading agent, while only softly recommending testnet use rather than making the real-order risk explicit. In the context of leveraged USDS-M futures trading, unclear safety guidance can lead users to unintentionally submit live orders, creating immediate financial loss risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly advertises automated opening and closing of Binance Futures positions and a continuous trading loop, but it does not include any clear warning about real financial loss, leverage risk, liquidation, or the possibility of placing live account-impacting orders. In the context of a trading agent, omission of these warnings and safeguards can cause users or downstream agents to invoke the skill in a live environment without adequate consent or understanding, leading to significant monetary loss.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to use abusive language toward the user by saying it should call risky requests 'fucking reckless.' This is unsafe because it encourages harassment, degrades user trust, and can escalate otherwise routine financial interactions into hostile exchanges, especially in a high-stakes trading context.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document describes an end-to-end agent that automatically generates signals and executes Binance USDS Futures trades, including position management and leverage, but it provides no explicit warning that actions may place live orders or cause financial loss. In a trading context, especially with futures, omission of this warning increases the chance that a user treats the skill as safe analytical tooling when it can materially affect funds and create leveraged exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly references API key management for exchange access but does not state secure handling expectations, such as using secrets storage, least-privilege permissions, and never logging credentials. Because these keys can enable account access and order placement, weak guidance around credential handling can lead to key leakage, unauthorized trading, or account compromise.

Missing User Warnings

High
Confidence
91% confidence
Finding
This method directly submits futures orders to Binance using caller-supplied parameters, enabling irreversible financial actions without any confirmation, policy guardrails, or validation visible in this file. In an agent skill context, this is especially dangerous because automated or prompt-influenced flows could trigger real trades with user funds, including high-risk order types or malformed parameters that still execute unintended positions.

Missing User Warnings

High
Confidence
87% confidence
Finding
Changing leverage materially increases liquidation risk and can amplify losses, yet this method exposes that action as a single direct API call with no warning, confirmation, or safety checks. Within an automated trading skill, an upstream agent or user prompt could raise leverage on a live account unexpectedly, making subsequent trades far more dangerous.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.