Signal Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to generate trading signals from public Binance market data and save them locally, but users should verify its alert delivery setup and dependency environment.
Before installing, verify the Python dependencies and trusted runtime environment, remember that the included code does not actually send Discord or Telegram alerts by itself, and only add the cron schedule if you want the skill to run continuously. Do not treat the generated signals as financial advice.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may believe Discord or Telegram alerts are being sent when the included code only creates local output, which could matter if you rely on alerts for trading decisions.
The documentation promises direct alert delivery, while the reviewed source only prints signals and writes last_signal.json. This is a capability mismatch users should notice.
automatically sends alerts to your configured channels (Discord, Telegram, etc.)
Treat this as a local signal generator unless you separately verify an OpenClaw, Discord, or Telegram sending wrapper.
Configured trading pairs and intervals will be requested from Binance, and the skill depends on that external service being reachable.
The skill makes external network calls to Binance for public OHLCV data. This is disclosed and purpose-aligned, and no API keys are used.
exchange = ccxt.binance()
ohlcv = exchange.fetch_ohlcv(self.symbol, interval, limit=limit)Use only symbols and intervals you are comfortable querying through Binance, and expect the skill to fail or return no data if the API is unavailable.
Runtime behavior may vary depending on what exists in /root/quant-trading-bot, and a broken or unexpected local environment could affect the skill.
The skill prepends an external absolute directory to Python's import path, so imports may depend on files outside the reviewed skill package.
sys.path.insert(0, '/root/quant-trading-bot')
Run it in a trusted Python environment, document or remove the hard-coded path if unnecessary, and install reviewed versions of pandas, numpy, and ccxt.
If you add the cron entry, the skill will keep running every five minutes until you remove that schedule.
The documentation suggests an optional cron schedule. This is user-directed persistence, not hidden self-installation.
*/5 * * * * cd ~/.openclaw/workspace/skills/signal-generator && python3 signal_generator.py
Only add the cron job if you want recurring execution, and keep a note of how to disable it.