Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dex Skill
v3.46.0加密货币量化交易 AI Skill。用自然语言描述交易规则 → 生成策略脚本 → 服务器回测 → 参数优化 → 实时监控。 支持 Binance/Hyperliquid 全币种,6 种优化算法(genetic/bayesian/grid/random/annealing/pso),异步进度推送。 Use when...
⭐ 0· 422·1 current·1 all-time
bypaddy@miyaosk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (quant trading: generate Python strategies, backtest, optimize, monitor, trade) align with the included modules: data_client (Binance/etc.), indicators, strategy templates, api_client (server integration), signal_runtime, risk_checker, and trade execution. The presence of a remote server API client is consistent with the stated server-side backtest/monitor features.
Instruction Scope
SKILL.md enforces runtime actions: creating strategy/output directories, attempting to pip-install dependencies, generating Python scripts, and automatic callouts to the remote server. It also enforces strict behavioral rules (e.g., exact canned replies for 'Recommend' and 'Optimize' workflows and a high-priority numeric-reply rule that must map numbers to actions and then execute them). Those rules could cause the agent to perform network operations or run optimizations/backtests/monitoring without sufficient confirmation. The preamble will run subprocess pip install with --break-system-packages which can change the environment. The skill also instructs writing files (strategies, .auth.json, runtime state) to disk.
Install Mechanism
The registry has no formal install spec; it's instruction-only, but the SKILL.md preamble will attempt to pip install httpx, loguru, matplotlib at runtime using subprocess and the --break-system-packages flag. That is higher-risk than a pure instruction-only skill because it fetches packages from PyPI at runtime and alters the Python environment; the packages themselves are common but the install flag is notable and may fail on some systems or be undesirable.
Credentials
The skill declares no required env vars, but code reads PROXY_URL and relies on platform paths (/data/.openclaw/workspace) and Path.home for storing state (.dex-quant, .auth.json). MachineAuth extracts a workspace UUID (and hashes it) and registers it with an external server, which results in sending a stable device identifier and receiving a token cached on disk. These behaviors are plausible for quota/auth, but they leak a stable device identifier to a third‑party server and create persistent credential files — both need user consent. No explicit declaration of the external server URL or privacy implications appears in SKILL.md beyond docs.
Persistence & Privilege
The skill persists state: .auth.json (token/device id), runtime state files, logs under ~/.dex-quant, and saved strategy files under the skill base directory. always:false (good). The skill can be invoked autonomously and its SKILL.md encourages direct execution; combined with the ability to place live orders (TradeExecutor) this raises operational risk if executed without careful confirmation. The skill does not appear to change other skills' configs.
Scan Findings in Context
[pre-scan-injection] expected: Scanner reported 'None detected'. Manual review found network calls, token registration, and on-disk token caching which are expected for a client/server trading tool.
What to consider before installing
What to consider before installing/use:
- Trust and provenance: The skill contacts a third‑party server (DEFAULT_SERVER_URL on railway.app) and auto-registers a device identifier, storing a token in .auth.json. Only proceed if you trust that remote service and its operator.
- Private keys & live trading: The package includes code paths for automated order execution. Never enable automatic 'monitor + auto-order' on mainnet until you have audited TradeExecutor, tested thoroughly on testnet, and verified the 'secure link' upload process.
- Run in isolation first: Use dry-run mode and test with testnet data or in an isolated environment/container. Inspect trade_executor.py, api_client.py, and machine_auth.py before allowing network access.
- Dependencies: The SKILL.md will try to pip install packages at runtime using --break-system-packages. Prefer installing dependencies in a virtualenv/container manually, or reject the automatic install.
- Files written: The skill writes tokens, logs, state and strategies to disk (~/.dex-quant, .auth.json, skill strategies/). Review and clean these files if you uninstall.
- Numeric-reply automation: The skill's instructions force the agent to treat single-number replies as high-priority commands (may trigger optimization/backtest/monitor). Decide whether you want that behavior; require explicit confirmations for any live-deploy or key-handling steps.
If you are not comfortable auditing the code or trusting the remote server, do not enable live trading and restrict the skill to offline/dry-run usage only.Like a lobster shell, security has layers — review code before you run it.
latestvk97ctts7g6zjbtqt57fmge7v6d84kqyp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.