Neko Futures Trader

Review

Audited by ClawScan on Mar 23, 2026.

Overview

The package is a coherent Binance Futures trading bot and needs the declared keys, but it includes a background startup instruction and a web dashboard that can expose sensitive data (including account info and potentially .env); review and harden before installing.

This package implements exactly what it says (an automated Binance Futures bot) but contains components you should not expose without hardening. Key actions to consider before installing or enabling:

- Treat API keys carefully: create Binance API keys with trading-only permissions (disable withdrawals), and enable IP allowlisting for the keys if possible. Do not use exchange keys with withdrawal permissions.
- Run on an isolated/test account first and validate behavior in a sandbox/testnet environment.
- Review and edit dashboard_api.py before running: by default it binds to 0.0.0.0 and serves files from the workspace. Change it to bind to 127.0.0.1 or require authentication, and explicitly refuse to serve dotfiles (like .env). Confirm it cannot serve /.env or other secrets.
- If you do run the dashboard, put it behind a firewall or authenticated reverse proxy (or disable it entirely) so it is not publicly reachable.
- Inspect the startup command (metadata.openclaw.startup). If you don't want persistent background processes, remove or disable that startup entry and run processes manually under your control (and use process supervisors you trust).
- Check filesystem permissions on .env and other cache files; avoid committing keys to version control and ensure they are not world-readable.
- Audit the code yourself or have a trusted developer review the modules that call Binance endpoints and Telegram to ensure no unexpected network calls or exfiltration beyond expected API usage.
- Consider rotating credentials after any test run and monitor account activity closely.

Confidence: medium. The code and instructions are broadly coherent with the stated purpose, but the web dashboard and automatic startup create realistic secrecy/exposure risks that warrant manual review and configuration before use.