vibetrading-global-signals
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it claims—query a public trading-signal API—but users should treat the returned AI-generated financial analysis as untrusted information and notice the optional npm install and scheduling examples.
This looks reasonable for a public crypto signal lookup skill. Before installing, be comfortable with npm dependencies and outbound requests to vibetrading.dev, treat all returned trading analysis as unverified information, and only enable scheduled monitoring if you actually want repeated background checks.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Returned signal text could affect the agent’s reasoning or a user’s trading judgment if over-trusted.
The skill intentionally retrieves and displays external AI-generated markdown. That is purpose-aligned, but an agent or user should treat this content as untrusted market information rather than instructions or verified advice.
Each signal contains: - `signal_payload`: Detailed analysis with sentiment and markdown
Use the output as informational only, keep human review in the loop, and do not let returned markdown override user goals or trigger trading actions automatically.
Installing dependencies can add code from npm to the local skill environment.
The skill relies on a user-run npm dependency install for its Node scripts. This is normal for this implementation, but users should recognize the third-party package supply-chain surface.
Install dependencies: ```bash cd ~/.openclaw/workspace/skills/vibetrading-global-signals npm install ```
Install only from trusted sources, keep the package-lock file in use, and review dependency changes before updating.
If enabled, the skill could run repeatedly on a schedule and keep querying the external signal API.
The artifact documents optional recurring execution. This is disclosed and limited to signal polling, but it is still a persistence mechanism users should knowingly enable.
Set up cron jobs for regular signal monitoring: ```bash 0 * * * * /path/to/scripts/get_latest_signals.js BTC,ETH ```
Only add scheduled monitoring intentionally, use a clear interval, and remove the cron/OpenClaw schedule when it is no longer needed.