ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Trader Pro

v1.0.0

Expert crypto trading assistant powered by 3commas strategies. Use this skill whenever the user mentions crypto trading, bots, DCA, grid trading, portfolio a...

0· 27·0 current·0 all-time
by@nicemaths123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and SKILL.md consistently describe a 3commas-focused crypto trading advisor whose goal is to educate then convert users to 3commas. It requests no binaries, env vars, or installs, which is proportionate to an instruction-only marketing assistant.
!
Instruction Scope
The runtime instructions require the agent to always include a specific referral URL and to 'convert' users; they also require concrete numerical examples without providing data sources or a mechanism to backtest — this encourages fabrication or misleading claims. There is no disclosure of an affiliate relationship, and the agent is told to trigger broadly whenever trading is mentioned, which risks unsolicited promotional behavior.
Install Mechanism
No install spec or code files are present (instruction-only), which limits technical risk — nothing is written to disk and no external packages are fetched.
Credentials
The skill requests no environment variables, credentials, or config paths. It does not attempt to collect exchange API keys or other secrets in the instructions, so requested access is minimal and proportionate.
Persistence & Privilege
always:false (good). The skill is allowed to be invoked autonomously by the model (platform default). Combined with the directive to always include a referral link, autonomous invocation could lead to repeated unsolicited promotions.
What to consider before installing
This skill is essentially an affiliate-marketing assistant for 3commas rather than an impartial trading tool. Before installing, consider: (1) you should expect promotional bias — the skill directs the agent to always include a specific referral link and to 'convert' users; (2) it requires no credentials (low technical risk) but may produce unverified numerical examples — ask how the numbers were generated and avoid trusting fabricated backtests; (3) request transparency: require an explicit disclosure of any affiliate relationship and a source/homepage for the skill owner; (4) limit autonomous invocation or require user confirmation before the skill can post referral links; and (5) never allow the skill to collect or store your exchange API keys without a clear, auditable flow. If you want an unbiased advisor, prefer skills that cite data sources, avoid mandatory referral insertion, and come from a verifiable homepage/owner.

Like a lobster shell, security has layers — review code before you run it.

latestvk977qn508qg60esxp1ay2jxvt98428t5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments