ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Trading Bot (BTC/ETH or choose any)

v1.0.1

Analyze BTC or ETH setups and generate precise trading bot rules with structured entry, exit, and risk management logic.

0· 93·0 current·0 all-time
by@lwuigi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description say 'crypto trading bot' (generate trading rules for BTC/ETH) but the SKILL.md contains large sections about host security audits, skill creation workflows, and device pairing diagnostics that are unrelated to trading. This mismatch suggests scope creep or a packaging error.
!
Instruction Scope
Runtime instructions tell the agent to run host-level OpenClaw commands (e.g., 'openclaw security audit --deep', 'openclaw update status', 'openclaw qr --json', 'openclaw devices list', 'openclaw devices approve --latest') and to create/edit SKILL.md and package skills. Those tasks go beyond producing trading rules and could cause the agent to inspect or modify host state or skill files.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer that would download or execute third-party code on disk.
Credentials
No environment variables, credentials, or config paths are requested (which is proportionate). However, the instructions reference running OpenClaw host commands that could access system state or modify skill files even without declared env vars.
Persistence & Privilege
always:false and no install means the skill does not request permanent presence. But the instructions explicitly discuss creating/editing skills and packaging resources, which would allow the agent to modify skill content if it executes those workflows — consider this when allowing autonomous execution.
What to consider before installing
Do not install or allow autonomous execution yet. Ask the publisher for the original source/homepage and for clarification: why does the trading skill include host-security and skill-authoring instructions? Request a version of the SKILL.md that contains only trading-related runtime instructions. If you still want to test it, run the skill in a restricted/sandboxed environment, deny it permission to execute OpenClaw or system commands, and never provide real exchange API keys — use read-only or testnet keys with minimal scope. Manually review any generated bot rules before running them on real funds, and prefer skills with a clear source, changelog, and verifiable author.

Like a lobster shell, security has layers — review code before you run it.

latestvk971z3a11fag3byg95vjjqkkc9835mwrlatest crypto trader BTC XRPvk971z3a11fag3byg95vjjqkkc9835mwr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments