Binance Square Skill
Verdict: Warn. Audited by ClawScan on May 18, 2026.
Overview
The skill is coherent for Binance Square posting, but it relies on full Binance session cookies and includes helper code that can persist or use those credentials in risky ways.
Only install or run this skill if you are comfortable giving the agent a live Binance session. Prefer a dedicated account, require explicit approval before each post, do not run the endpoint probe on a real account, and inspect/delete any generated API analysis files that may contain cookies or tokens.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. Risk: An agent holding these values can act as the logged-in Binance user against every Binance endpoint the skill supports; the credential is far broader than a scoped, posting-only token.
Detail: The skill requires the user's full Binance browser cookie header and CSRF token, which are live account session credentials used for authenticated publishing.
Evidence: `BINANCE_COOKIE_HEADER` | the full `cookie` header value from a browser request ... `BINANCE_CSRF_TOKEN` | the value of the `csrftoken` cookie
Recommendation: Use only with a dedicated or low-risk account, keep the env isolated, rotate or log out the session after use, and require explicit approval before publishing.
2. Risk: Users may underestimate the sensitivity of the skill before installation because the registry contract does not surface the required Binance session credentials.
Detail: The registry metadata says no env vars or primary credential are required, while the skill documentation requires Binance cookie and CSRF session values.
Evidence: Required env vars: none ... Primary credential: none
Recommendation: Fix the registry metadata to declare the Node requirement and the Binance cookie/CSRF credentials clearly before users install or invoke the skill.
3. Risk: Sensitive Binance session material could be saved under the project directory and later exposed through logs, sharing, or an accidental git commit.
Detail: The analyzer captures request headers and writes them into a persistent JSON report; authenticated Binance requests may include cookies, CSRF tokens, or other session-like headers.
Evidence: const headers = request.headers(); ... capturedRequests: requests ... writeFileSync(outputPath, JSON.stringify(report, null, 2), "utf8");
Recommendation: Do not run the analyzer with real sessions unless necessary; redact Cookie, CSRF and session headers before the report is written, add generated reports to .gitignore, and delete any generated analysis files.
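The redaction the recommendation asks for, written here as an added example (not code from the skill or from ClawScan): sensitive header values are replaced before serialisation, and a final check refuses to write the report if any known secret value still appears anywhere in it, which catches a token echoed in a URL or body rather than a header. The header list, the `CapturedRequest` shape and the sample request are assumptions constructed for this example.

```typescript
import { writeFileSync } from "node:fs";

// Shape of one captured request, as an analyzer would collect it from the browser (assumed).
interface CapturedRequest {
  url: string;
  method: string;
  headers: Record<string, string>;
  postData?: string;
}

const REDACTED = "[REDACTED]";

// Header names that carry session material. The exact list is an assumption; the
// name pattern below also catches variants such as X-CSRF-Token or X-Session-Id.
const SENSITIVE_HEADER_NAMES = new Set([
  "cookie", "set-cookie", "authorization", "proxy-authorization", "csrftoken",
]);
const SENSITIVE_NAME_PATTERN = /cookie|csrf|session|token|auth/i;

function isSensitiveHeader(name: string): boolean {
  const lower = name.toLowerCase();
  return SENSITIVE_HEADER_NAMES.has(lower) || SENSITIVE_NAME_PATTERN.test(lower);
}

// Returns a copy of the request with every sensitive header value replaced.
// The input object is not modified, so the live session stays usable in memory.
function redactRequest(req: CapturedRequest): CapturedRequest {
  const headers: Record<string, string> = {};
  for (const [name, value] of Object.entries(req.headers)) {
    headers[name] = isSensitiveHeader(name) ? REDACTED : value;
  }
  return { ...req, headers };
}

// Throws when any known secret value still appears in the serialised report. This is the
// last line of defence for secrets that travelled in a query string or request body.
function assertNoLeak(json: string, secrets: string[]): void {
  for (const secret of secrets) {
    if (secret.length > 0 && json.includes(secret)) {
      throw new Error("report still contains session material; refusing to write it");
    }
  }
}

// Builds the JSON report from redacted requests, checks it against the known secret
// values (pass the live env values here), and only then writes it. Writing is skipped
// when outputPath is omitted, which is what the usage below does.
function buildReport(requests: CapturedRequest[], secrets: string[], outputPath?: string): string {
  const report = {
    generatedAt: new Date().toISOString(),
    capturedRequests: requests.map(redactRequest),
  };
  const json = JSON.stringify(report, null, 2);
  assertNoLeak(json, secrets);
  if (outputPath !== undefined) writeFileSync(outputPath, json, "utf8");
  return json;
}

// Constructed sample: placeholder session cookies and a CSRF header on a read request.
const SAMPLE_COOKIE = "sessionid=FAKE_SESSION_VALUE; csrftoken=FAKE_CSRF_VALUE";
const SAMPLE_REQUEST: CapturedRequest = {
  url: "https://www.binance.com/example/read-only",
  method: "GET",
  headers: {
    "Cookie": SAMPLE_COOKIE,
    "csrftoken": "FAKE_CSRF_VALUE",
    "Content-Type": "application/json",
    "User-Agent": "example-agent/1.0",
  },
};

// Usage: the returned JSON contains "[REDACTED]" in place of both secret values.
const SAMPLE_REPORT = buildReport([SAMPLE_REQUEST], [SAMPLE_COOKIE, "FAKE_CSRF_VALUE"]);
```

The secret-value check is deliberately separate from name-based redaction: header redaction handles the common case cheaply, while the value check uses the actual env values so that a token copied into a URL or a captured `postData` field cannot slip into the report under an unexpected key.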
4. Risk: If run against a logged-in Binance browser, this helper could create, publish, or draft test content on the user's account unexpectedly.
Detail: The probe helper uses the live browser session to POST to private content creation, publish, and draft endpoints with test content, with no evident dry-run mode or confirmation gate.
Evidence: credentials: "include" ... ["POST", "/bapi/composite/v1/private/pgc/content/publish", { content: "test" }]
Recommendation: Avoid running probe-endpoints.ts on a real account; add explicit confirmation, a dry-run mode, and safeguards before any mutating endpoint probe.
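One way to put the recommended gate in front of a probe table, as an added example that is not the skill's own probe-endpoints.ts: every probe is classified as mutating by method or path, dry-run is the default, and a mutating probe is only sent when it is both enabled and explicitly confirmed. The env variable names, the `send` callback and the read-only sample path are assumptions made for this example; only the publish entry is taken from the finding above.

```typescript
type HttpMethod = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";

interface ProbeSpec {
  method: HttpMethod;
  path: string;
  body?: unknown;
}

interface ProbeOptions {
  dryRun: boolean;          // report what would be sent, send nothing
  allowMutations: boolean;  // include mutating probes at all
  confirmed: boolean;       // operator explicitly confirmed mutating sends
}

interface ProbeOutcome {
  method: HttpMethod;
  path: string;
  action: "sent" | "would-send" | "skipped";
  reason?: string;
}

// Path fragments that write to the account. Assumed list; the publish and draft
// endpoints named in the finding both match, and any non-GET method is mutating.
const MUTATING_PATH = /\/(publish|draft|create|delete|update|edit|post)(\/|$|\?)/i;

function isMutating(spec: ProbeSpec): boolean {
  return spec.method !== "GET" || MUTATING_PATH.test(spec.path);
}

// Hypothetical env contract: PROBE_DRY_RUN=0 disables dry-run; PROBE_ALLOW_MUTATIONS=1
// and PROBE_CONFIRM=yes are both required before a mutating probe is actually sent.
function optionsFromEnv(env: Record<string, string | undefined>): ProbeOptions {
  return {
    dryRun: env["PROBE_DRY_RUN"] !== "0",
    allowMutations: env["PROBE_ALLOW_MUTATIONS"] === "1",
    confirmed: env["PROBE_CONFIRM"] === "yes",
  };
}

// Runs the gate over every probe. The sender is injected so the decision logic can be
// exercised offline; in a real helper it would be the fetch with credentials: "include".
function runProbes(
  specs: ProbeSpec[],
  opts: ProbeOptions,
  send: (spec: ProbeSpec) => void,
): ProbeOutcome[] {
  return specs.map((spec): ProbeOutcome => {
    const base = { method: spec.method, path: spec.path };
    if (isMutating(spec)) {
      if (!opts.allowMutations) {
        return { ...base, action: "skipped", reason: "mutating probe; PROBE_ALLOW_MUTATIONS not set" };
      }
      if (!opts.dryRun && !opts.confirmed) {
        return { ...base, action: "skipped", reason: "mutating probe; PROBE_CONFIRM not given" };
      }
    }
    if (opts.dryRun) return { ...base, action: "would-send" };
    send(spec);
    return { ...base, action: "sent" };
  });
}

// Constructed probe table: the publish entry mirrors the finding; the GET path is a
// placeholder for a read-only endpoint and is not a documented Binance route.
const SAMPLE_PROBES: ProbeSpec[] = [
  { method: "GET", path: "/example/private/read-only" },
  { method: "POST", path: "/bapi/composite/v1/private/pgc/content/publish", body: { content: "test" } },
  { method: "POST", path: "/bapi/composite/v1/private/pgc/content/draft", body: { content: "test" } },
];

// Usage with an empty environment: everything stays in dry-run and no mutation is sent.
const DEFAULT_OUTCOMES = runProbes(SAMPLE_PROBES, optionsFromEnv({}), () => {});
```

Defaulting to dry-run and requiring two separate signals (allow and confirm) means a copy-pasted invocation cannot publish anything by accident; the outcome list doubles as the log an operator reviews before flipping the switches.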
5. Risk: A misconfigured or untrusted CDP endpoint could expose or misuse the Binance session through browser-control access.
Detail: The optional CDP path connects to a browser debugging endpoint and injects the Binance cookies into that browser context.
Evidence: const pages = await fetchCdpPages(this.config.cdpUrl); ... await injectCookies(send, this.config.cookieHeader);
Recommendation: Use CDP only with a trusted local browser endpoint, never expose the debugging port publicly, and close the browser debugging session after use.
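A check that enforces the "trusted local endpoint" part of the recommendation before any cookie reaches a browser, as an added example rather than the skill's own code: the CDP URL must parse, use a WebSocket or HTTP scheme, carry no embedded credentials, and resolve to a loopback host, otherwise the injector is never called. The `CdpCheck` shape and the `injectIfTrusted` wrapper are assumptions for this example; the real helper's `injectCookies` signature is not reproduced.

```typescript
import { URL } from "node:url";

// The result carries the reason so a caller can log why an endpoint was rejected.
interface CdpCheck {
  ok: boolean;
  reason: string;
}

const ALLOWED_SCHEMES = new Set(["ws:", "wss:", "http:", "https:"]);

function isLoopbackHost(hostname: string): boolean {
  // WHATWG URL keeps IPv6 literals in brackets; strip them before comparing.
  const host = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  return host === "localhost" || host === "::1" || /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
}

// Accepts only a local browser debugging endpoint. 0.0.0.0, LAN or public hosts,
// non-URL strings and URLs with embedded credentials are all rejected.
function checkCdpUrl(raw: string): CdpCheck {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `unsupported scheme ${url.protocol}` };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials embedded in URL" };
  }
  if (!isLoopbackHost(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} is not loopback` };
  }
  return { ok: true, reason: "loopback endpoint" };
}

// Gate in front of cookie injection: the injector runs only for a trusted endpoint.
function injectIfTrusted(
  cdpUrl: string,
  cookieHeader: string,
  inject: (cookieHeader: string) => void,
): CdpCheck {
  const check = checkCdpUrl(cdpUrl);
  if (check.ok) inject(cookieHeader);
  return check;
}
```

Checking the literal host is deliberate: a hostname that merely resolves to 127.0.0.1 today can be repointed by DNS or an /etc/hosts edit, so only `localhost`, `127.0.0.0/8` and `::1` are accepted.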
