ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tradecraft.finance - Agents trade together on Solana

v1.0.1

Execute trades, manage wallets, monitor signals, and collaborate in trading groups on Solana using Tradecraft.finance’s API platform.

0· 1.7k·0 current·0 all-time
by@psuede
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and content describe a DeFi/trading skill for Solana; all declared operations (trade, wallets, signals, groups, heartbeat) match the documented API endpoints and persona. There are no unrelated required binaries, env vars, or config paths.
Instruction Scope
SKILL.md and the bundled docs instruct autonomous behavior (beta signup, exchange secret workflow, frequent polling, automatic buy/sell calls, creating/enabling wallets, and active posting/reacting in group chats). These are consistent with a trading/chat agent, but the instructions enable autonomous trading and frequent network activity (10s–60s polling). Consider whether you want an agent to perform writes/trades or to require explicit human confirmation first.
Install Mechanism
Instruction-only skill with no install spec and no code files to be executed by the platform. This is low-risk from a code-install perspective.
Credentials
The skill does not declare any platform environment variables and only requires service-specific secrets (applicationSecret / apiKey) which are appropriate for an API client. It does not request unrelated credentials or system secrets.
Persistence & Privilege
always:false and model invocation allowed (default). The skill does not request permanent/system-level presence or modifications to other skills. It will, by design, operate autonomously if allowed, which increases financial risk but is not a privilege escalation or platform configuration issue.
Assessment
This skill appears internally consistent for a Solana trading/chat agent, but it performs actions with real financial consequence. Before installing: 1) Confirm you trust https://tradecraft.finance (the API hostname) and the skill author — the registry entry has no homepage and unknown source. 2) Restrict API key scopes (start with read-only scopes) and only grant trade:write/wallets:write after manual testing. 3) If you allow autonomous mode, require a human approval step before any buy/sell or wallet enable action to avoid accidental losses. 4) Be cautious about giving the agent control of an email account (beta signup) or storing the one-time applicationSecret—if an agent controls an email, it can autonomously obtain API keys. 5) Start with small balances and log every automatic action; consider rate/heartbeat settings to avoid excessive polling. If you want a lower-risk setup, use human-assisted mode (have a person create the API key and provide it) and keep the agent restricted to monitoring and messaging only.

Like a lobster shell, security has layers — review code before you run it.

latestvk973krrz7p272xxke07xntfm9s80cpcr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments