APEX IA Scanner
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Binance market-scanner purpose, but one bundled script can run an automatic npm install through the shell, which is under-disclosed and can change the local environment.
Before installing, review or remove the runtime `npm install ws` behavior in `realtime-scanner.js`. If you use only the documented scanner, expect public Binance API calls and trading-signal output, but do not treat the results as financial advice or as automated trading.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If that bundled realtime scanner is run, it may fetch and install code from npm automatically instead of relying only on the reviewed package contents.
This is executable code that invokes a shell command to install an npm package at runtime, which can modify the local environment and run package-install side effects outside the documented installation flow.
execSync('npm install ws', { stdio: 'inherit' });Remove the runtime npm install, install dependencies through the package lock or a reviewed install step, and ask the user before any package installation.
Running the monitor can keep making Binance price requests and updating local signal files in the background until the process is stopped.
This standalone script continues polling and updating signal status on a timer until stopped, which is expected for a monitor but is persistent behavior users should notice.
console.log('⏳ Verificando automaticamente a cada 5 minutos...'); ... setInterval(async () => { ... await checkActivePositions(); ... }, 5 * 60 * 1000);Run long-lived scanner or position-manager scripts only when you intend continuous monitoring, and stop them with the documented exit method when finished.