Skill v0.1.0
ClawScan security
Trade Executor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 10:26 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (execute trades on Binance and OKX) is plausible, but the runtime instructions and declared environment requirements are inconsistent and incomplete. Notably, OKX credentials are used in the docs but not declared, which could lead to unexpected behavior or hidden credential access.
- Guidance: Do not install or grant API keys until the owner clarifies the credential requirements and behavior. Specific actions to consider before proceeding:
  - Ask the publisher to update the metadata to list the OKX env vars (OKX_API_KEY, OKX_API_SECRET, OKX_PASSPHRASE) if OKX support is intended, or to remove the OKX docs if not.
  - Only provide exchange API keys with minimal permissions (enable trading, disable withdrawals), and ideally restrict them by IP or use testnet keys first.
  - Confirm who or what provides the gateway that enforces cross-session limits and audit logging (openclaw.json and gateway behavior), and verify those controls exist in your environment.
  - Verify the skill cannot bypass the explicit user confirmation step on your platform (test with a dry run or very small orders in a sandbox environment).
  - If you need higher assurance, request the skill source (code or full implementation) for review, or prefer a well-audited plugin from a known publisher.
  If you rely on OKX functionality and the skill's metadata is not corrected, treat the skill as incomplete/untrusted because it may attempt to access undeclared secrets at runtime.
Review Dimensions
- Purpose & Capability (concern): The skill advertises support for Binance and OKX. The metadata/requirements only declare BINANCE_API_KEY and BINANCE_API_SECRET as required env vars (primaryEnv = BINANCE_API_KEY). However, impl/okx.md describes OKX-specific credentials (OKX_API_KEY, OKX_API_SECRET, OKX_PASSPHRASE). This mismatch means the skill's declared needs do not fully match its claimed capabilities.
- Instruction Scope (concern): SKILL.md and the impl files instruct the agent to call the official exchange APIs (api.binance.com, api.okx.com), perform HMAC signing, and require user confirmation and risk checks; these are appropriate. However, the instructions reference openclaw.json allowedPairs and a gateway that tracks daily counts/losses across sessions without declaring access to those config or state paths. impl/okx.md also references environment variables not listed in the skill metadata, which indicates the runtime agent may access env vars beyond those declared.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files written to disk, which minimizes install-time risk.
- Credentials (concern): Requiring a Binance API key/secret is proportionate for Binance trading. But because the skill also documents an OKX integration that requires additional secrets, the environment requirements are incomplete and ambiguous: the skill may expect or attempt to read OKX credentials at runtime even though they aren't declared. The skill requests API keys (sensitive), so the exact set of credentials should be clearly documented and limited to trade-only keys; that clarity is absent.
- Persistence & Privilege (ok): always: false, and no install behavior modifies other skills or system-wide config. The skill states it will not write files and relies on a gateway for audit logging, which is consistent with being instruction-only.
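The Purpose & Capability, Instruction Scope and Credentials findings all reduce to one check: do the env vars and config paths the instruction files actually use match what the metadata declares? The script below is an added example of that check, not part of ClawScan or of the Trade Executor skill. The metadata layout (a `requires` object with `env` and `paths` lists) and the file contents are constructed stand-ins modelled on the findings above; the real skill's metadata schema and file text are not reproduced on this page, so adapt the loaders to your bundle format.

```python
import re
from typing import Dict, Set

# Constructed sample of a skill bundle, modelled on the findings above.
# These strings are illustrative; they are not the real Trade Executor files.
SKILL_METADATA = {
    "name": "trade-executor",
    "version": "0.1.0",
    "always": False,
    "primaryEnv": "BINANCE_API_KEY",
    # Declared requirements: only the Binance pair, and no config/state paths.
    "requires": {"env": ["BINANCE_API_KEY", "BINANCE_API_SECRET"], "paths": []},
}

SKILL_FILES = {
    "SKILL.md": (
        "Read BINANCE_API_KEY and BINANCE_API_SECRET from the environment.\n"
        "Only place orders for pairs listed under allowedPairs in openclaw.json.\n"
        "Ask the user to confirm every order before calling api.binance.com.\n"
    ),
    "impl/binance.md": "Sign the query string with HMAC-SHA256 using BINANCE_API_SECRET.\n",
    "impl/okx.md": (
        "Send OKX_API_KEY and OKX_PASSPHRASE as request headers and sign the\n"
        "prehash string with OKX_API_SECRET before calling api.okx.com.\n"
    ),
}

# Metadata as the guidance asks the publisher to correct it (also constructed).
FIXED_METADATA = {
    **SKILL_METADATA,
    "requires": {
        "env": ["BINANCE_API_KEY", "BINANCE_API_SECRET",
                "OKX_API_KEY", "OKX_API_SECRET", "OKX_PASSPHRASE"],
        "paths": ["openclaw.json"],
    },
}

# Credential-looking environment variable names: an upper-case prefix followed by
# a secret-style suffix. Extend the suffix list for the secrets your platform issues.
ENV_REF_RE = re.compile(
    r"\b([A-Z][A-Z0-9_]+(?:API_KEY|API_SECRET|SECRET|PASSPHRASE|TOKEN|PASSWORD))\b"
)
# Config or state files the instructions tell the agent to read or write.
PATH_REF_RE = re.compile(r"\b[\w./-]*\.(?:json|ya?ml|toml|env|sqlite)\b")


def _collect(files: Dict[str, str], pattern: re.Pattern) -> Dict[str, Set[str]]:
    """Map every name matched by `pattern` to the set of files that mention it."""
    refs: Dict[str, Set[str]] = {}
    for path, text in files.items():
        for name in pattern.findall(text):
            refs.setdefault(name, set()).add(path)
    return refs


def referenced_env_vars(files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Credential-looking env vars the instruction files use, and where."""
    return _collect(files, ENV_REF_RE)


def referenced_paths(files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Config/state files the instruction files touch, and where."""
    return _collect(files, PATH_REF_RE)


def undeclared_env_vars(metadata: dict, files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Env vars the instructions use but the metadata does not declare."""
    declared = set(metadata.get("requires", {}).get("env", []))
    return {n: f for n, f in referenced_env_vars(files).items() if n not in declared}


def unused_declared_env_vars(metadata: dict, files: Dict[str, str]) -> Set[str]:
    """Declared env vars that no instruction file mentions (over-requesting)."""
    declared = set(metadata.get("requires", {}).get("env", []))
    return declared - set(referenced_env_vars(files))


def undeclared_paths(metadata: dict, files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Config/state files the instructions touch without a declaration."""
    declared = set(metadata.get("requires", {}).get("paths", []))
    return {p: f for p, f in referenced_paths(files).items() if p not in declared}


def review_declarations(metadata: dict, files: Dict[str, str]) -> dict:
    """Return a concern/ok verdict for the Credentials and Instruction Scope checks."""
    env_gap = undeclared_env_vars(metadata, files)
    path_gap = undeclared_paths(metadata, files)
    unused = unused_declared_env_vars(metadata, files)
    return {
        "verdict": "ok" if not (env_gap or path_gap or unused) else "concern",
        "undeclared_env": env_gap,
        "undeclared_paths": path_gap,
        "unused_declared_env": unused,
    }


if __name__ == "__main__":
    for label, meta in (("as published", SKILL_METADATA), ("after fix", FIXED_METADATA)):
        report = review_declarations(meta, SKILL_FILES)
        print(f"{label}: {report['verdict']}")
        for name, where in sorted(report["undeclared_env"].items()):
            print(f"  undeclared env {name} used in {', '.join(sorted(where))}")
        for name, where in sorted(report["undeclared_paths"].items()):
            print(f"  undeclared path {name} used in {', '.join(sorted(where))}")
```

Run against the published metadata the script flags the three OKX variables (all from impl/okx.md) and openclaw.json, reproducing the verdict above; against the corrected metadata it reports ok. The unused-declared check is the inverse case worth keeping: a skill that declares a secret no instruction ever uses is over-requesting, which is the same trust problem from the other side.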
