Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chainup Spot Trading

v1.0.1

ChainUp/OpenAPI V2 spot and margin trading skill. Prefer using the Python script to call `sapi` endpoints through one unified entrypoint and avoid ad hoc sig...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Functionality (placing orders, signing with X-CH-APIKEY/X-CH-SIGN) matches the stated ChainUp trading purpose. However, the skill metadata declares no required env vars or config paths while the runtime instructions and script clearly expect credentials (CHAINUP_API_KEY / CHAINUP_SECRET_KEY / CHAINUP_BASE_URL) and prefer reading /root/TOOLS.md. That mismatch is unexpected and should be justified in metadata.
Instruction Scope (flagged)
The SKILL.md explicitly instructs the agent to prefer reading /root/TOOLS.md and to use any usable credentials found there without requiring the user to set environment variables. That grants the skill automated access to a host file that may contain unrelated secrets. The instructions also forbid fallback to manual HTTP signing and insist all requests go through the included script, which centralizes network activity (not inherently bad) but increases the impact if the script behaves badly.
Install Mechanism
There is no external install step or remote download; the skill is instruction-first and embeds a local Python script. No installer or third-party package fetch was specified, lowering install-time risk.
Credentials (flagged)
The skill uses and documents sensitive variables (API key and secret) and supports env vars and a CLI override, which is appropriate for a trading skill — but the skill metadata did not declare these required environment variables or config paths. The implicit preference to read /root/TOOLS.md (a host file) is disproportionate because it could give the skill access to other credentials stored there.
Persistence & Privilege
The skill does not set always:true and does not request special platform privileges. It does include an executable script that will run when invoked, but it does not modify other skills or global config per the provided files. Autonomous invocation is enabled by default (normal) but does not by itself raise this flag.
What to consider before installing
Before installing or enabling this skill:

1. Understand it expects ChainUp API credentials and a base URL even though the skill metadata does not declare those env vars.
2. The skill prefers to read /root/TOOLS.md and will use any usable credentials found there. Review that file first (it may contain other secrets you don't want the skill to access).
3. Review the included scripts/chainup_api.py yourself (or run it in an isolated/sandboxed environment) to ensure there are no hidden endpoints or unexpected behavior.
4. If you want tighter control, provide credentials via environment variables or CLI arguments and remove/secure /root/TOOLS.md, and ask the publisher to update the skill metadata to declare required env vars and config paths.
5. Because the skill can place real trades, only use it with keys that have appropriate permissions (consider read-only keys for testing) and require two-step confirmations as described in SKILL.md before live operations.



