Skill v0.7.0

ClawScan security

Passive Income Claw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 16, 2026, 6:57 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what its description says (scanning and executing Binance Earn and margin flows) and only asks for Binance API credentials, but there are technical/instruction mismatches and real financial risk from its auto-execution/borrow flows that you should understand before installing.
Guidance
This skill appears to implement what it claims, but take the following steps before installing or enabling auto execution:
- Review and run the code in a safe environment first (do a dry run / read-only checks). The scripts are TypeScript (.ts) files, so ensure your runtime can execute them (node alone may not run .ts without ts-node or a transpilation step). The skill's metadata incorrectly omits 'node' as a required binary.
- Limit API key permissions: create an API key that only enables the exact permissions you need (read balances/positions and Earn operations; add Margin only if you intend to use borrow-to-earn). Do NOT enable withdrawal on any key you give to this skill.
- Prefer confirm-first mode initially. Do not enable confirmation_mode: auto until you have tested scans and executions and are comfortable with the logic and limits.
- Use IP whitelisting on your Binance API key (bind to OpenClaw's running IP) and rotate keys if you change configuration. The README recommends this; follow it.
- Inspect the user-profile.md defaults the skill will write (single_amount_limit, daily_amount_limit, allowed_operations, asset_whitelist) and set conservative limits before allowing any execution.
- Because the skill can borrow on margin, be aware of liquidation and interest risk; test margin flows with small amounts, or not at all if you lack experience.
- If you want additional assurance, ask the publisher for clarification about runtime requirements (how to run .ts files) and why 'node' is not declared as a required binary, and request a signed release or provenance information (source/homepage is unknown).

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (Binance passive-income scanning and execution) matches the code and the required environment variables (BINANCE_API_KEY / BINANCE_API_SECRET). However, the metadata claims no required binaries while the SKILL.md and the bundled scripts repeatedly instruct running node {baseDir}/bin/*.ts. Bundled files are TypeScript (.ts) and assume a Node/TypeScript runtime (and availability of 'node' and possibly a TypeScript runner), but 'node' is not declared as a required binary. That mismatch (no declared runtime but executable .ts scripts) is an incoherence the user should resolve before running.
Instruction Scope
note: Runtime instructions and scripts perform network calls exclusively to api.binance.com and call other OpenClaw skills for pricing; they read and write profile, snapshot, and execution-log files under ~/passive-income-claw and may register cron jobs. The flows include borrow-to-earn (margin borrow + subscribe) with rollback logic. These behaviors are consistent with the stated purpose, but they involve performing live financial operations (borrowing, subscribing, repaying) which can incur losses; the SKILL.md allows an 'auto' mode that will execute recommended trades automatically if profile settings permit.
Install Mechanism
ok: There is no external install/download step (instruction-only installation). All code is bundled in the skill and nothing is fetched from external URLs. This is lower risk from a supply chain perspective, but it means the included TypeScript files will be executed locally; see the Purpose & Capability note about runtime assumptions.
Credentials
ok: The skill only requests BINANCE_API_KEY and BINANCE_API_SECRET, which is proportionate for interacting with Binance's Earn and Margin APIs. The README advises enabling Earn and (optionally) Margin permissions and explicitly forbids withdrawal permission; that is appropriate for the stated functionality. The skill will need API keys with margin/earn permissions if you want borrow-to-earn features; enable only what you intend to use.
Persistence & Privilege
note: always:false (normal). The skill stores user profile, snapshot, and execution logs under ~/passive-income-claw and can register a cron job via OpenClaw. The notable risk is behavioral rather than privileged: if you enable confirmation_mode: auto and allow margin-borrow in allowed_operations, the skill can autonomously execute borrow-and-subscribe operations using your API keys, which may cause financial exposure. This is a feature for convenience but increases blast radius if misconfigured.