Skill v1.0.0
ClawScan security
Crypto Scalper Bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 16, 2026, 7:28 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code and runtime instructions match a Binance futures scalper, but the package metadata omits the required credentials, and there are implementation issues (a QA script that runs the trading script instead of the audit, env-file reads from an agent workspace path, and code that will place live orders) that make this package inconsistent and risky without careful review.
- Guidance: This package is functionally a real Binance futures trading bot and will place live market orders if you run it with API keys that have trading permissions. Before installing or running:
  1. Do not trust the default metadata: the repo needs BINANCE_API_KEY and BINANCE_API_SECRET (and optionally the Telegram values); verify and provision the keys yourself.
  2. Use API keys with the minimum necessary permissions (disable withdrawals, restrict by IP where possible) and test with a small balance or testnet keys.
  3. Inspect and correct run_qa.sh (it currently runs the trading script instead of qa_audit.py) so that a QA run cannot place trades when you expect only checks.
  4. Do not store secrets in shared workspace paths (the code looks in /root/.openclaw/workspace/*), or make sure that workspace contains no other sensitive env files.
  5. Be aware that qa_audit.py will attempt a test order (reduceOnly): consider disabling it or replacing it with a non-order API call for testing.
  6. Because the package source and homepage are unknown, run it in an isolated environment (VM/VPS) and review all code changes before giving it live API keys.
  If you want, I can list the exact lines that read workspace env paths and the commands in run_qa.sh/setup.sh that you should change.
Review Dimensions
- Purpose & Capability (concern): The skill claims to be a Binance Futures scalper, and the code indeed implements trading, Telegram alerts, and health checks. However, the registry metadata lists no required environment variables or primary credential even though the code clearly requires BINANCE_API_KEY and BINANCE_API_SECRET (and optionally TELEGRAM_BOT_TOKEN/TELEGRAM_CHAT_ID). This mismatch between declared metadata and actual needs is an incoherence that can lead to accidental credential exposure or misuse.
- Instruction Scope (concern): SKILL.md instructs the user to create env files and run the setup, strategy, and QA scripts, which is appropriate for a trading bot. But there are problematic instructions and behaviors: run_qa.sh actually invokes the trading script (futures_auto_trade.py) instead of the QA audit (qa_audit.py), so running the QA job may execute live trades unexpectedly. The Python scripts also search for env files in '/root/.openclaw/workspace/*', so they will pick up env files from an agent workspace location outside the repo; this increases the chance of accidentally reading unrelated secrets.
- Install Mechanism (ok): No install spec is provided and there are no downloads; this is a code bundle with scripts to run locally. That lowers install-time risk, since nothing is fetched from external URLs, but the provided code will make network calls and trading actions when run.
- Credentials (concern): The skill requires Binance API keys with read/write trading permissions and optional Telegram tokens to function, which is appropriate for a trading bot. However, the registry metadata declares no required env vars (incoherent), and the code will also read env files from an agent workspace path, which may expose keys stored elsewhere. The QA routine attempts an API order test (placing a reduceOnly MARKET order), which is a sensitive action and should be clearly documented and optional.
- Persistence & Privilege (ok): The skill does not request 'always: true' or any elevated platform privileges. It does not modify other skills' configurations. Its runtime behavior is limited to the files in the bundle and external network calls (Binance, Telegram).
