Skill v1.2.7
ClawScan security
bybit-trading-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 8:22 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested secrets and runtime instructions match its stated purpose (trading on Bybit); nothing in the bundle asks for unrelated credentials, installs, or behaviors that contradict the description.
- Guidance: This package is internally consistent with its purpose, but it operates on live trading credentials, so take these precautions before installing:
  1. Use testnet API keys first and validate behavior.
  2. Create a dedicated sub-account or API key with only Read + Trade permissions; NEVER enable Withdraw.
  3. IP-whitelist the key if possible and keep only a limited balance in the account the key belongs to.
  4. Confirm the hosting platform enforces the skill's "explicit confirmation for mainnet writes" policy, so it cannot place real trades without a clear user CONFIRM.
  5. Rotate keys after testing and review the packaged files yourself (the skill is unofficial).
  If you see any unexpected endpoints, network calls to non-Bybit hosts, or instructions that would expose other secrets, do not use mainnet keys and revoke the key immediately.
Review Dimensions
- Purpose & Capability: ok. Name/description (Bybit trading) aligns with the declared requirements: only BYBIT_API_KEY and BYBIT_API_SECRET are requested (plus optional BYBIT_ENV). The modules and endpoints described are all Bybit API calls and are appropriate for a trading skill. The README explicitly states the package is unofficial and recommends review before connecting mainnet keys.
- Instruction Scope: ok. SKILL.md instructs the agent to read only the declared environment variables, call Bybit API endpoints, perform a clock sync check, and require explicit confirmation for mainnet write operations. It forbids pasting keys into conversation and mandates masking in outputs. There are no instructions to read unrelated system files, exfiltrate data, or call non-Bybit endpoints.
- Install Mechanism: ok. No install spec and no code files are executed at install time; this is an instruction-only skill, which minimizes disk/write risk. There are no downloads or third-party install steps in the package.
- Credentials: ok. The skill requires only BYBIT_API_KEY and BYBIT_API_SECRET (primary credential BYBIT_API_KEY) and an optional BYBIT_ENV. These variables are necessary and proportionate for interacting with the Bybit API. The documentation explicitly warns not to enable Withdraw permissions and recommends IP binding and a sub-account with limited balance.
- Persistence & Privilege: note. always: false (normal). The skill allows autonomous model invocation by default (disable-model-invocation: false), which is platform standard and not a disqualifier by itself. Because the skill can place trades, users should verify that the platform enforces the skill's confirmation rules (the SKILL.md requires explicit CONFIRM for mainnet writes). If the hosting platform allowed the skill to act without user-visible confirmations, risk increases.
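The controls this review relies on (the CONFIRM gate for mainnet writes, key masking in outputs, the clock sync check, and rejecting non-Bybit hosts) are only as good as the host that enforces them. The following is an added example of what such an enforcement layer looks like; it is my code, not part of the bybit-trading-skill bundle, which ships no code at all. It assumes Bybit's v5 request signing scheme (HMAC-SHA256 over timestamp, API key, recv_window and payload, sent in the X-BAPI-* headers) and the result.timeSecond field of GET /v5/market/time; the key, secret, server time and order payload below are constructed sample values, and nothing here touches the network.

```python
import hashlib
import hmac
import time
from urllib.parse import urlparse

# Only these hosts are legitimate for this skill; any other hostname in an
# emitted request is the "non-Bybit host" red flag from the review guidance.
HOSTS = {"testnet": "https://api-testnet.bybit.com", "mainnet": "https://api.bybit.com"}
ALLOWED_HOSTS = {urlparse(h).hostname for h in HOSTS.values()}
RECV_WINDOW_MS = 5000   # Bybit rejects timestamps outside this window of server time
MAX_DRIFT_MS = 1000     # stricter local bound used by the clock sync check


def is_allowed_url(url: str) -> bool:
    """True only for HTTPS URLs whose hostname is exactly one of the Bybit API hosts."""
    p = urlparse(url)
    return p.scheme == "https" and p.hostname in ALLOWED_HOSTS


def mask(secret: str) -> str:
    """Keep at most the first 4 characters; the rest is starred for logs and output."""
    if len(secret) <= 4:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 4)


def redact(text: str, secrets) -> str:
    """Replace every occurrence of a key or secret in agent output by its masked form."""
    for s in sorted(secrets, key=len, reverse=True):   # longest first, avoids partial hits
        if s:
            text = text.replace(s, mask(s))
    return text


def clock_drift_ms(server_time_second: str, local_ms: int) -> int:
    """Local clock minus Bybit server time (result.timeSecond of /v5/market/time)."""
    return local_ms - int(server_time_second) * 1000


def sign_v5(api_key: str, api_secret: str, timestamp_ms: int, payload: str,
            recv_window: int = RECV_WINDOW_MS) -> str:
    """Assumed Bybit v5 scheme: HMAC-SHA256 over timestamp + key + recv_window + payload."""
    msg = f"{timestamp_ms}{api_key}{recv_window}{payload}"
    return hmac.new(api_secret.encode(), msg.encode(), hashlib.sha256).hexdigest()


class WriteGate:
    """Allows reads freely; allows writes on testnet; on mainnet only with CONFIRM."""

    def __init__(self, env: str):
        if env not in HOSTS:
            raise ValueError(f"BYBIT_ENV must be one of {sorted(HOSTS)}, got {env!r}")
        self.env = env
        self.base = HOSTS[env]

    @staticmethod
    def is_write(method: str) -> bool:
        # State-changing v5 calls (order create/cancel, leverage, ...) are POST;
        # anything that is not a GET is treated as a write to stay on the safe side.
        return method.upper() != "GET"

    def authorize(self, method: str, confirmation=None) -> bool:
        if not self.is_write(method) or self.env == "testnet":
            return True
        return confirmation == "CONFIRM"   # exact, user-visible token; nothing fuzzier


def prepare_request(gate, api_key, api_secret, method, path, payload,
                    server_time_second, confirmation=None, local_ms=None):
    """Run the checks in order and return the signed X-BAPI-* headers, or raise."""
    local_ms = int(time.time() * 1000) if local_ms is None else local_ms
    drift = clock_drift_ms(server_time_second, local_ms)
    if abs(drift) > MAX_DRIFT_MS:
        raise RuntimeError(f"clock drift {drift} ms exceeds {MAX_DRIFT_MS} ms; sync the clock first")
    if not gate.authorize(method, confirmation):
        raise PermissionError(f"mainnet write {method} {path} needs CONFIRM (key {mask(api_key)})")
    return {
        "X-BAPI-API-KEY": api_key,
        "X-BAPI-TIMESTAMP": str(local_ms),
        "X-BAPI-RECV-WINDOW": str(RECV_WINDOW_MS),
        "X-BAPI-SIGN": sign_v5(api_key, api_secret, local_ms, payload),
    }


if __name__ == "__main__":
    # Constructed sample values; not real credentials.
    key, secret = "sampleKeyABCDEF", "sampleSecretNotReal"
    server_time = "1700000000"      # pretend /v5/market/time result.timeSecond
    now_ms = 1700000000400          # 400 ms ahead of the server: acceptable
    gate = WriteGate("mainnet")
    order = '{"category":"linear","symbol":"BTCUSDT","side":"Buy","orderType":"Market","qty":"0.001"}'
    try:
        prepare_request(gate, key, secret, "POST", "/v5/order/create", order, server_time, local_ms=now_ms)
    except PermissionError as e:
        print("blocked:", redact(str(e), [key, secret]))
    hdrs = prepare_request(gate, key, secret, "POST", "/v5/order/create", order,
                           server_time, confirmation="CONFIRM", local_ms=now_ms)
    print("signed:", redact(str(hdrs), [key, secret]))
```

The order of checks is deliberate: the drift check runs before the gate so that a badly skewed clock fails loudly on a harmless read instead of surfacing as a confusing signature rejection on a trade, and the gate is keyed on the HTTP method rather than on a list of paths so that a newly added write endpoint cannot slip past it. Everything that reaches a log or the conversation goes through redact, which is the "mandates masking in outputs" rule of the SKILL.md made mechanical rather than left to the model.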
