Trading upbit skill
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed Upbit trading automation skill that can place real orders, but its code and documentation are coherent with that purpose and do not show hidden exfiltration or unrelated behavior.
Install only if you intend to run an automated trading bot. Start with execution.dryRun=true, use minimal-permission Upbit API keys from the OpenClaw secret store, avoid storing keys in config.json, review the budget and maxPositions settings, and monitor account activity closely before enabling real trading.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.