Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Btc Strategy V40

v4.0.1

BTC V4.0 quantitative trading strategy: a multi-factor signal system based on the EMA3/EMA8 crossover, RSI, and momentum. It executes BTC-USDT-SWAP perpetual contract trades automatically via Agent Trade Kit.

Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
SKILL.md describes using agent primitives like market_get_candles and swap_place_order (Agent Trade Kit). The shipped scripts, however, call the OKX CLI, curl to public exchange APIs, and expect local files under $HOME (e.g. $HOME/.config/trading_bot/telegram_token). The metadata declares no required binaries, env vars, or config paths, so the code's actual dependencies (okx CLI, curl, python3, bc, awk, network access, and local token file) are not reflected — this mismatch is unexpected for a trading strategy that claims to operate via the agent API.
Instruction Scope
SKILL.md limits runtime actions to fetching market data and placing swap orders via agent APIs and requires the AI to reason and then call swap_place_order. The runtime files instead: run a local Python script that invokes the 'okx' CLI and prints/writes signals, and a bash monitor that runs every minute, writes logs/state under $HOME, reads a Telegram token file, and sends messages to a hardcoded Telegram chat via api.telegram.org. The scripts read/write local state files (/tmp/btc_signal.txt, $HOME/.okx_data/, state file) and call third-party APIs — none of these behaviors are mentioned in SKILL.md and they expand the scope beyond what the description suggests.
Install Mechanism
There is no install spec (instruction-only). However, the skill bundle includes executable scripts that will run from disk. Although no external download/install occurs at install time, the presence of these scripts means local execution will depend on system binaries and network access. No high-risk download URLs were found, but the lack of an install manifest means the agent/user may not be warned about required binaries.
Credentials
The skill metadata declares no required env vars or credentials, yet the bash script attempts to read a Telegram bot token from $HOME/.config/trading_bot/telegram_token and uses a hardcoded Telegram chat_id. The Python script invokes the 'okx' CLI (which typically requires OKX credentials/config) and the shell script will call exchange APIs and may rely on local CLI credentials. Reading unstated local config paths and relying on locally-stored credentials without declaring them is disproportionate and opaque.
Persistence & Privilege
The scripts create and write persistent files under the user's home ($HOME/.okx_data/signal_monitor_v40_fixed.log, trading_state_v40.txt) and use /tmp/btc_signal.txt. They do not request always:true nor modify other skills' configs, but they do establish long-running behavior (an infinite loop in the bash monitor) and persistent state on disk, which is notable and should be reviewed before running.
What to consider before installing
This skill is suspicious because its code files do things not described in SKILL.md and it expects local credentials/config that are not declared. Before installing or running it:

1) Do not run on a machine that holds real exchange API keys or irreplaceable data.
2) Inspect the full Python and shell scripts locally (you already have them) and search for any hardcoded endpoints or tokens.
3) If you want notifications, note the script reads a Telegram bot token from $HOME/.config/trading_bot/telegram_token and posts to a hardcoded chat_id; ensure you control that token and chat.
4) The scripts call the 'okx' CLI and public exchange APIs; ensure you understand which credentials are used by the OKX CLI and whether they are present.
5) Prefer running in a sandbox or VM and use testnet/demo accounts; remove or replace automatic network/posting behavior until you explicitly configure it.
6) Ask the author to (a) declare required binaries and env vars, (b) remove or explicitly document reading from HOME paths, (c) avoid hardcoded chat IDs, and (d) make external calls and credential use explicit.

Because the mismatch could be sloppy engineering or intentional obfuscation, exercise caution and confirm expected behaviors before giving the skill access to real funds or credentials.


License

MIT-0
Free to use, modify, and redistribute. No attribution required.
