Crypto Signals Automation
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is transparent about building a crypto trading bot, but it asks for high-impact trading credentials and persistent automated order execution without enough built-in scope, approval, or containment.
Only install or use this if you intend to build a live crypto trading bot and are prepared to review the generated code. Start with dry-run or testnet behavior, use a separate low-balance wallet/subaccount, set strict limits, keep secrets out of chat/history, and do not enable cron-based trading until you have verified every order path and have a clear way to stop it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misconfigured or misused, the agent could trade with the user's dYdX account and potentially lose funds.
The skill asks for wallet and signing-related material for a financial trading account. That is high-impact account authority, and the artifacts do not tightly bound its use to testnet, read-only access, per-trade approval, or a declared credential contract.
dYdX wallet address + mnemonic file path + subaccount
Use a separate low-balance trading wallet/subaccount, start on testnet or controlled mode, set strict position and margin limits, and do not provide mnemonic/signing material unless you fully understand the generated trading code.
The automation could place, close, or cancel trades automatically, including repeated attempts, which can create financial loss if signals, market mapping, or generated code are wrong.
These are direct account-mutating trading actions. The instructions include retries and cleanup but do not require explicit user approval before each live order or define strong safeguards against unintended execution.
opens positions with retries, places TP/SL reduce-only conditional orders, closes stale positions, cleans orphan reduce-only orders
Require manual approval for live orders until thoroughly tested, add hard dollar caps and duplicate-order protection, log every action, and verify all generated dYdX calls before enabling automation.
Trading may continue on a schedule after initial setup, potentially acting on new signals when the user is not watching.
The skill is designed to create scheduled background trading. Persistence is disclosed and purpose-aligned, but because it controls financial actions, the lack of explicit stop, review, and monitoring controls is a material concern.
cron execution
Do not enable cron until manual testing is complete; add a clear disable command, monitoring alerts, maximum daily loss limits, and a dry-run mode.
Users cannot rely on a reviewed, complete trading implementation from the provided artifacts alone.
The skill has limited provenance and no packaged install path. This is not malicious by itself, but it matters because the skill asks the agent to build high-impact trading automation that is not fully present for review.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review any generated runtime or cron code before running it, pin any dependencies, and avoid giving real trading credentials to unreviewed code.