Dawn
Advisory
Audited by Static analysis on May 11, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A live strategy could spend real funds up to the configured budget without asking before each individual trade.
The skill supports launching generated strategy code in live mode, where the strategy can execute real prediction-market trades using the selected wallet.
dawn strategy launch ~/.dawn-cli/strategies/btc-election-2026.py --name "btc-election-2026" --budget 100 --live
Use paper mode first, inspect generated strategy code, set the smallest practical budget, and require a clear user confirmation before any live launch.
A strategy may keep monitoring and trading until stopped, and multiple runs could operate at the same time.
The skill intentionally creates long-running background strategy processes that can continue acting after the initial user interaction.
The runner spawns them as a background process and reads stdout/stderr into a log file. Multiple strategies can run in parallel.
Monitor runs with `dawn strategy list` and logs, stop strategies when finished, and avoid live mode unless you intend ongoing autonomous trading.
Anyone or any process with access to the token could act as the user in Dawn within the token’s permissions.
The workflow can use a Dawn JWT token for authenticated commands, which is expected for the service but sensitive.
export DAWN_JWT_TOKEN="<token>" ... This bypasses `dawn auth login` entirely. The token is used for all subsequent commands.
Store tokens securely, avoid sharing logs or shell history containing tokens, and prefer interactive login unless headless use is necessary.
Selecting and funding a wallet enables real trades and possible financial loss.
The skill manages wallet selection and funding for live trading, which is purpose-aligned but gives the workflow access to real-value crypto assets.
dawn wallet use <name-or-address> ... dawn wallet fund ... This opens MoonPay to deposit POL on Polygon.
Use a dedicated low-balance wallet, verify the active wallet before live trading, and avoid funding more than you are willing to risk.
A malicious or compromised dependency could execute code locally when the strategy environment is built.
Strategy launches may install Python dependencies from package sources. This is expected for local strategy projects, but dependencies are not shown as pinned or reviewed in the artifacts.
any pip dependency you declare in `pyproject.toml` (`[project.dependencies]`) or a `requirements.txt` next to the entrypoint. The runner builds a per-deps cached venv on first launch
Keep dependencies minimal, pin versions when possible, and review any generated `requirements.txt` or `pyproject.toml` before launching.
Template strategy code can run on the local machine and, in live mode, may trade using the configured wallet and budget.
The workflow can download and run template strategy code locally. The artifacts disclose this, but users should treat community strategy code as executable code.
dawn template launch <name> --name <your-run-name> ... Community strategies are fully editable. After `dawn template launch`, the strategy is saved to `~/.dawn-cli/templates/<name>.py`.
Launch templates in paper mode first and inspect the saved template file before relaunching or using live mode.
Bad cached state could cause a strategy to make repeated or incorrect decisions until corrected or stopped.
Strategies can persist state across iterations. This is useful for trading logic, but persisted signals can influence later automated decisions.
per-iteration state can be cached across iterations with `set_state` / `get_state` (a small KV store keyed to the strategy).
Log important state changes, keep cached state scoped to the strategy, and reset or inspect state when revising a strategy.
