tradr
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
tradr is openly a trading bot, but it can persistently and automatically trade through Bankr with trade guards bypassed, so it needs careful review before use.
Install only if you intentionally want an automated on-chain trading system. Before starting it, review config.json, keep trade sizes small, use the --user systemd install or a dedicated non-root user, secure any signal adapters/dashboard endpoints, and verify Telegram notification routing so trades are not broadcast unexpectedly.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent, a user, or a signal adapter calls the entry script with a contract address and score, Bankr may spend wallet funds without an additional Bankr approval step.
The entry path invokes Bankr to place trades while explicitly enabling a trade-guard bypass.
env["BANKR_ALLOW_TRADE"] = "1" # Bypass trade guard for mechanical pipeline
result = subprocess.run(
[bankr_script, prompt],
Use only trusted signal sources, keep score_to_size and max_position_size conservative, and consider adding an explicit confirmation or allowlist before Bankr execution.
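One way to put that allowlist and size cap in front of the Bankr call, as an added example that is not tradr's own entry script. It assumes the config keys `allowlist`, `max_position_size` and `score_to_size` (a list of `[min_score, size]` bands), the `bankr_script` path and the `prompt` format, and the hypothetical `run_bankr_guarded` wrapper; the wallet address form is assumed to be EVM-style. BANKR_ALLOW_TRADE is set only in the environment of that one subprocess call, never exported globally.

```python
"""Gate Bankr execution behind address validation, an allowlist, a size cap
and an optional operator confirmation.

Added example, not tradr's code. Config keys, prompt format and the
run_bankr_guarded name are assumptions.
"""
import os
import re
import subprocess

# Assumed: EVM-style 20-byte hex contract address.
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


class TradeRejected(Exception):
    """Raised when a signal must not reach Bankr."""


def size_for_score(score, config):
    """Map a score to a size using ascending [min_score, size] bands,
    then clamp to max_position_size."""
    size = 0.0
    for min_score, band_size in config["score_to_size"]:
        if score >= min_score:
            size = band_size
    return min(size, config["max_position_size"])


def check_trade(ca, score, config):
    """Validate one signal; return the position size or raise TradeRejected."""
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise TradeRejected(f"score is not a number: {score!r}")
    if not 0 <= score <= 100:
        raise TradeRejected(f"score out of range: {score!r}")
    if not isinstance(ca, str) or not ADDRESS_RE.match(ca):
        raise TradeRejected(f"malformed contract address: {ca!r}")
    allow = {a.lower() for a in config.get("allowlist", [])}
    if allow and ca.lower() not in allow:
        raise TradeRejected(f"{ca} is not in the allowlist")
    size = size_for_score(score, config)
    if size <= 0:
        raise TradeRejected(f"score {score} maps to a zero-size trade")
    return size


def run_bankr_guarded(ca, score, config, bankr_script,
                      confirm=None, runner=subprocess.run):
    """Validate, optionally ask an operator, then run Bankr with the
    trade guard released only for this one call.

    `confirm` is a callable taking the prompt and returning True/False;
    `runner` is injectable so the gate can be tested without Bankr.
    """
    size = check_trade(ca, score, config)
    prompt = f"buy {size} of {ca}"          # assumed prompt format
    if confirm is not None and not confirm(prompt):
        raise TradeRejected("operator declined the trade")
    env = dict(os.environ)
    env["BANKR_ALLOW_TRADE"] = "1"          # scoped to this subprocess only
    return runner([bankr_script, prompt], env=env,
                  capture_output=True, text=True, check=False)
```

With an empty `allowlist` the check degrades to validation plus the size cap, so an operator who wants the allowlist enforced must populate it; the `confirm` hook is where an interactive or chat-based approval step would go.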
The skill can keep operating in the background and automatically sell positions according to its rules until the service is stopped or disabled.
The installer creates a persistent service that runs the exit manager and restarts it after failures.
ExecStart=$(command -v python3) $EXIT_SCRIPT
Restart=on-failure
RestartSec=10
Do not start or enable the daemon until configuration is reviewed; know how to run `systemctl stop/disable tradr-exit-manager`, and prefer a user service when possible.
A bug, compromised config path, or configured notification hook could execute with more local privilege than a trading bot needs.
The systemd service block does not set a non-root User=, so the default system-wide install can run the trading daemon with root privileges.
[Service]
Type=simple
ExecStart=$(command -v python3) $EXIT_SCRIPT
Restart=on-failure
RestartSec=10
WorkingDirectory=$SKILL_DIR
Install with `./scripts/setup.sh --user` or add a dedicated low-privilege `User=` to the systemd unit before enabling it.
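A pre-enable check for the two service findings above (persistent daemon, no `User=`), as an added example that is not part of tradr or its setup.sh. Both unit texts are constructed for illustration: the first has the shape the default install writes, the second is the same unit with a dedicated `tradr` user (an assumed name) and common sandboxing directives. Feed it the output of `systemctl cat tradr-exit-manager` before running `systemctl enable`.

```python
"""Audit a systemd unit's [Service] section for root-by-default and missing
hardening before enabling it.

Added example, not tradr's code. Unit texts and the `tradr` user are constructed.
"""
import configparser

# Constructed: shape of the unit the default (system-wide) install writes.
DEFAULT_UNIT = """\
[Unit]
Description=tradr exit manager

[Service]
Type=simple
ExecStart=/usr/bin/python3 /opt/tradr/exit_manager.py
Restart=on-failure
RestartSec=10
WorkingDirectory=/opt/tradr

[Install]
WantedBy=multi-user.target
"""

# Constructed: same unit with a low-privilege user and sandboxing. The
# ReadWritePaths value is an assumption about where state is kept.
HARDENED_UNIT = """\
[Unit]
Description=tradr exit manager

[Service]
Type=simple
User=tradr
Group=tradr
ExecStart=/usr/bin/python3 /opt/tradr/exit_manager.py
Restart=on-failure
RestartSec=10
WorkingDirectory=/opt/tradr
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/opt/tradr/state
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
"""


def parse_unit(text):
    """systemd units are INI-like: keys are case-sensitive, may repeat,
    and contain '$' and '%' that must not be interpolated."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def audit_service(text):
    """Return a list of findings for [Service]; an empty list means nothing flagged."""
    cp = parse_unit(text)
    if not cp.has_section("Service"):
        return ["no [Service] section"]
    svc = cp["Service"]
    findings = []
    user = svc.get("User", "").strip()
    if not user:
        findings.append("User= missing: a system-wide install runs this as root")
    elif user == "root":
        findings.append("User=root: service explicitly runs as root")
    if not svc.get("WorkingDirectory", "").strip():
        findings.append("WorkingDirectory= missing")
    for directive in ("NoNewPrivileges", "ProtectSystem", "ProtectHome"):
        if directive not in svc:
            findings.append(f"{directive}= not set (optional hardening)")
    return findings


if __name__ == "__main__":
    for name, unit in (("default", DEFAULT_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_service(unit) or "OK")
```

`ProtectSystem=strict` makes the filesystem read-only for the service, so any directory the exit manager writes to (logs, state) has to be listed in `ReadWritePaths=` or the daemon will fail at its first write.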
If the Telegram hook is enabled with a broadcast channel, buy activity may be shared more widely than the user expects.
The comment says buy notifications go to DM only, but the code broadcasts buy notifications as well.
# Routes: buy → DM only, sell → DM + broadcast
...
buy)
send_dm "$TEXT"
send_broadcast "$TEXT"
Fix the buy route to DM-only, remove BOT2/CHANNEL_ID, or update the documentation so the broadcast behavior is explicit.
If copied as-is onto a reachable host, someone else could potentially send webhook requests that trigger trades.
The webhook adapter example listens on all interfaces and directly turns POST bodies into trade entries, without showing authentication.
data = json.loads(self.rfile.read(int(self.headers['Content-Length'])))
feed_to_tradr(data["ca"], data["score"], data.get("chain"))
...
HTTPServer(("", 8080), Handler).serve_forever()
Bind webhook adapters to localhost or a private network, require authentication/signatures, validate payloads, and add rate limits before connecting them to live trading.
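The hardened counterpart of that adapter, as an added example that is not tradr's own code: loopback bind, an HMAC-SHA256 signature over the raw body, type and range checks on the payload, and a per-source rate limit. The `X-Signature` header name, the `WEBHOOK_SECRET` environment variable, the accepted chain names and the `feed_to_tradr` stand-in are all assumptions.

```python
"""Webhook adapter with loopback bind, HMAC-signed bodies, payload validation
and a sliding-window rate limit.

Added example, not tradr's adapter. Header name, env var, chain set and
feed_to_tradr are assumptions.
"""
import hashlib
import hmac
import json
import os
import re
import time
from collections import deque
from http.server import BaseHTTPRequestHandler, HTTPServer

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")   # assumed EVM-style address
ALLOWED_CHAINS = {"base", "ethereum"}             # assumed
MAX_BODY = 4096


def sign_body(secret, body):
    """Value a trusted signal source puts in X-Signature for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret, body, header_value):
    """Constant-time check of 'sha256=<hex>' against the raw body."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = sign_body(secret, body)
    return hmac.compare_digest(expected, header_value)


def validate_payload(data):
    """Return (ca, score, chain) or raise ValueError; never trust sender types."""
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    ca, score = data.get("ca"), data.get("score")
    chain = data.get("chain", "base")
    if not isinstance(ca, str) or not ADDRESS_RE.match(ca):
        raise ValueError("bad contract address")
    if isinstance(score, bool) or not isinstance(score, (int, float)) \
            or not 0 <= score <= 100:
        raise ValueError("score must be a number in 0..100")
    if chain not in ALLOWED_CHAINS:
        raise ValueError("unsupported chain")
    return ca, float(score), chain


class RateLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""
    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = {}

    def allow(self, key):
        now = self.clock()
        q = self.hits.setdefault(key, deque())
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def feed_to_tradr(ca, score, chain):
    """Hypothetical stand-in for the real entry point."""
    print(f"signal: {chain} {ca} score={score}")


def make_handler(secret, limiter, sink=feed_to_tradr):
    class Handler(BaseHTTPRequestHandler):
        def _reply(self, code, msg):
            self.send_response(code)
            self.end_headers()
            self.wfile.write(msg.encode())

        def do_POST(self):
            if not limiter.allow(self.client_address[0]):
                return self._reply(429, "slow down")
            length = int(self.headers.get("Content-Length", "0") or 0)
            if length <= 0 or length > MAX_BODY:
                return self._reply(413, "bad length")
            body = self.rfile.read(length)
            # Signature first: unsigned bodies are never parsed.
            if not verify_signature(secret, body, self.headers.get("X-Signature")):
                return self._reply(401, "bad signature")
            try:
                ca, score, chain = validate_payload(json.loads(body))
            except ValueError:              # JSONDecodeError is a ValueError
                return self._reply(400, "bad payload")
            sink(ca, score, chain)
            self._reply(200, "ok")
    return Handler


if __name__ == "__main__":
    secret = os.environ["WEBHOOK_SECRET"].encode()
    HTTPServer(("127.0.0.1", 8080),
               make_handler(secret, RateLimiter(10, 60))).serve_forever()
```

The signature is computed over the raw bytes before JSON parsing, so a forged or replayed-with-edits body is rejected before any of it is interpreted; if the adapter must be reachable beyond loopback, put it behind a reverse proxy that terminates TLS and keep the bind address private.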
If the dashboard API is served without access controls, wallet addresses, strategy settings, file paths, and trade history may be exposed to unintended viewers.
The dashboard design expects an API endpoint that returns the full config file.
GET /api/tradr-config — returns config.json contents
Serve dashboard endpoints only locally or behind authentication, and avoid returning secrets or unnecessary config fields.
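A safer shape for that endpoint, as an added example that is not tradr's dashboard code: the handler requires a bearer token compared in constant time and returns only an allowlisted subset of config.json with secret-looking keys redacted, so the full file never leaves the process. The `PUBLIC_FIELDS` set, the `DASHBOARD_TOKEN` variable, the sample config in the test and the `/api/tradr-config` route shape are assumptions.

```python
"""Authenticated, redacted view of config.json for a dashboard endpoint.

Added example, not tradr's code. PUBLIC_FIELDS, DASHBOARD_TOKEN and the
route are assumptions.
"""
import hmac
import json
import os
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed: fields a dashboard legitimately needs; everything else is dropped,
# so wallet addresses, file paths and credentials never reach the response.
PUBLIC_FIELDS = {"chain", "max_position_size", "score_to_size",
                 "exit_rules", "allowlist"}
SECRET_KEY_RE = re.compile(r"key|secret|token|private|mnemonic|seed|password", re.I)


def redact(value):
    """Recursively mask values under secret-looking keys; keep structure."""
    if isinstance(value, dict):
        return {k: ("[redacted]" if SECRET_KEY_RE.search(k) else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def public_view(config):
    """Allowlist top-level fields first, then redact inside what remains."""
    return redact({k: v for k, v in config.items() if k in PUBLIC_FIELDS})


def token_ok(header_value, expected):
    """Constant-time bearer token check."""
    if not header_value or not header_value.startswith("Bearer "):
        return False
    return hmac.compare_digest(header_value[len("Bearer "):], expected)


def make_handler(config_path, token):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != "/api/tradr-config":
                self.send_response(404)
                self.end_headers()
                return
            if not token_ok(self.headers.get("Authorization"), token):
                self.send_response(401)
                self.end_headers()
                return
            with open(config_path) as f:
                body = json.dumps(public_view(json.load(f))).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.end_headers()
            self.wfile.write(body)
    return Handler


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8081),
               make_handler("config.json", os.environ["DASHBOARD_TOKEN"])).serve_forever()
```

The allowlist is the important half: redaction by key name catches obvious credentials, but a wallet address or a file path does not match a "secret" pattern, and only the explicit field allowlist keeps those out.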
