v1.0.0

tradr

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:40 AM.

Analysis

This skill is review-worthy because it can automatically buy and sell real on-chain assets through Bankr and installs a persistent exit-manager daemon that keeps acting after setup.

Guidance: Install only if you intentionally want an automated live-trading system. Use a dedicated low-balance wallet, review config.json carefully, understand the systemd service lifecycle, verify Bankr permissions, and edit or disable Telegram/dashboard exposure before running live trades.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High · Confidence: High · Status: Concern
scripts/exit-manager.py
        env["BANKR_ALLOW_TRADE"] = "1"  # Bypass trade guard for mechanical pipeline
        env["BANKR_ALLOW_SELL"] = "1"

The daemon sets these environment variables to lift Bankr's trade and sell guards before invoking the Bankr trading script, so every code path that reaches that call carries unconditional authority to transact on-chain.

User impact: A configured signal or exit rule can cause real on-chain trades with no separate human confirmation at the Bankr layer.
Recommendation: Use a dedicated low-balance wallet, review every sizing and exit rule, consider removing the guard-bypass behavior, and require explicit approval or a dry-run mode before live trades.
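To make that recommendation concrete, here is an added example (not code from the skill or from ClawScan) that places the quoted guard-bypass pattern beside a hardened form in which a guard is lifted only for one explicitly approved, size-capped action. The two environment-variable names come from the finding; the config keys `dry_run` and `max_trade_usd`, the approval record, the `TRADR_DRY_RUN` variable, and the assumption that BANKR_ALLOW_TRADE covers both directions while BANKR_ALLOW_SELL gates only sells are all illustrative assumptions, not facts about Bankr.

```python
from typing import Dict, Optional

# Guard variable names are the ones quoted from scripts/exit-manager.py in the
# finding above. Everything else here (config keys, the approval record, the
# TRADR_DRY_RUN variable) is an assumption made for this example.
GUARD_VARS = ("BANKR_ALLOW_TRADE", "BANKR_ALLOW_SELL")


class TradeNotApproved(Exception):
    """Raised when a live trade is attempted without a matching, confirmed approval."""


def env_as_shipped(base_env: Dict[str, str]) -> Dict[str, str]:
    """The pattern the finding flags: both guards lifted unconditionally."""
    env = dict(base_env)
    env["BANKR_ALLOW_TRADE"] = "1"  # Bypass trade guard for mechanical pipeline
    env["BANKR_ALLOW_SELL"] = "1"
    return env


def env_hardened(
    base_env: Dict[str, str],
    config: Dict[str, object],
    action: str,
    approval: Optional[Dict[str, object]] = None,
) -> Dict[str, str]:
    """
    Build the child environment for one Bankr invocation so that a guard is
    lifted only when (1) config.json turns dry_run off, (2) the approval is for
    this exact action and is confirmed, and (3) the size is within the cap.
    Anything else runs with the guards intact (fail closed).
    """
    if action not in ("buy", "sell"):
        raise ValueError(f"unknown action {action!r}")

    env = dict(base_env)
    for name in GUARD_VARS:
        env.pop(name, None)  # never inherit a lifted guard from the parent shell

    if config.get("dry_run", True):  # a missing key means dry run, not live
        env["TRADR_DRY_RUN"] = "1"  # assumed variable name for illustration
        return env

    if (
        approval is None
        or approval.get("action") != action
        or not approval.get("confirmed")
    ):
        raise TradeNotApproved(f"live {action} requires a confirmed approval for {action}")

    cap = float(config.get("max_trade_usd", 0))
    size = float(approval.get("size_usd", 0))
    if size <= 0 or size > cap:
        raise TradeNotApproved(f"size {size} USD is outside the configured cap of {cap} USD")

    env["BANKR_ALLOW_TRADE"] = "1"
    if action == "sell":
        env["BANKR_ALLOW_SELL"] = "1"  # assumed: the sell guard is only needed for sells
    return env


if __name__ == "__main__":
    base = {"PATH": "/usr/bin"}
    print(env_as_shipped(base))
    print(env_hardened(base, {"dry_run": True}, "buy"))
    print(env_hardened(base, {"dry_run": False, "max_trade_usd": 50}, "buy",
                       {"action": "buy", "confirmed": True, "size_usd": 25}))
```

The approval record is what a human-confirmation step or a signed operator message would produce; the point is that the daemon cannot reach a live Bankr call without it, and that a leftover `BANKR_ALLOW_*` in the parent environment is discarded rather than inherited.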
Rogue Agents
Severity: Medium · Confidence: High · Status: Concern
scripts/setup.sh
ExecStart=$(command -v python3) $EXIT_SCRIPT
Restart=on-failure
...
systemctl enable "$SERVICE_NAME"

The setup script installs and enables a persistent systemd service for the exit manager. Once enabled it starts automatically with the system (or with the user session, for a user unit), and Restart=on-failure brings it back after a crash.

User impact: The skill keeps monitoring positions and executing exits in the background after setup, independent of any agent session.
Recommendation: Prefer the user-service option, disable the service when not actively trading, monitor its logs, and confirm you know how to stop and remove the daemon.
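Before running `systemctl enable`, it is worth reading the unit the script generated and knowing which lifecycle commands apply to it. The following is an added example (not part of the skill or of ClawScan) that audits a unit file for the properties this finding cares about: whether it restarts itself, whether it is system-wide (multi-user.target) or per-user (default.target), whether a system-wide unit would run as root, and the exact commands that review, stop and disable it. The sample unit is constructed; its ExecStart and Restart lines mirror the quoted fragment of scripts/setup.sh, while the service name, paths and WantedBy target are assumptions.

```python
import configparser
from typing import Dict, List

# Constructed unit file for this example. ExecStart and Restart mirror the
# fragment of scripts/setup.sh quoted above; the service name, paths and the
# WantedBy target are assumptions, since the page does not show them.
SAMPLE_UNIT = """\
[Unit]
Description=tradr exit manager (constructed example)

[Service]
ExecStart=/usr/bin/python3 /home/trader/.openclaw/skills/tradr/scripts/exit-manager.py
Restart=on-failure

[Install]
WantedBy=multi-user.target
"""


def parse_unit(text: str) -> configparser.ConfigParser:
    """systemd unit files are INI-like; keys are case-sensitive and may repeat."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep ExecStart/Restart case as written
    cp.read_string(text)
    return cp


def audit_unit(text: str, service_name: str) -> Dict[str, object]:
    """
    Report what matters before enabling the unit and the commands that
    inspect, stop and disable it for the scope (system or user) it targets.
    """
    cp = parse_unit(text)
    service = dict(cp["Service"]) if cp.has_section("Service") else {}
    install = dict(cp["Install"]) if cp.has_section("Install") else {}

    system_wide = "multi-user.target" in install.get("WantedBy", "")
    restart = service.get("Restart", "no")
    # A system unit with neither User= nor DynamicUser= runs as root.
    runs_as_root = bool(system_wide and "User" not in service and not service.get("DynamicUser"))

    ctl = "systemctl" if system_wide else "systemctl --user"
    journal = "journalctl -u" if system_wide else "journalctl --user -u"
    commands: List[str] = [
        f"{ctl} cat {service_name}",            # read the installed unit first
        f"{ctl} disable --now {service_name}",  # stop it and drop the boot/login hook
        f"{journal} {service_name} -n 100",     # review what it did before it stopped
    ]
    return {
        "exec_start": service.get("ExecStart", ""),
        "restarts_after_failure": restart not in ("", "no"),
        "system_wide": system_wide,
        "runs_as_root": runs_as_root,
        "lifecycle_commands": commands,
    }


if __name__ == "__main__":
    for key, value in audit_unit(SAMPLE_UNIT, "tradr-exit-manager.service").items():
        print(f"{key}: {value}")
```

Run it against the unit the setup script actually wrote (`systemctl cat` or `systemctl --user cat` prints it) rather than the constructed sample; the `runs_as_root` result is the quickest way to see why the user-service option is preferable.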
Human-Agent Trust Exploitation
Severity: Medium · Confidence: High · Status: Concern
scripts/notify-telegram.sh
# Routes: buy → DM only, sell → DM + broadcast
...
    buy)
        send_dm "$TEXT"
        send_broadcast "$TEXT"

The comment says buy notifications are DM-only, but the `buy)` case calls send_broadcast as well, so the code contradicts its own documented routing.

User impact: Buy activity could be posted to a Telegram channel when the user expects buy alerts to stay private.
Recommendation: Inspect and edit the notification script before enabling it; in particular, remove the send_broadcast call from the buy case unless broadcasting buys is intentional.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High · Confidence: High · Status: Concern
SKILL.md
Bankr skill installed (`~/.openclaw/skills/bankr/`) with a valid API key ... A funded wallet

The skill depends on delegated Bankr credentials and a funded wallet to execute trades, even though the registry metadata declares no primary credential for it.

User impact: Installing and running this skill gives the workflow the ability to spend funds through an already-configured Bankr account.
Recommendation: Run it only with a dedicated Bankr account or wallet whose loss you can tolerate, and ensure the credential and funded-wallet requirements are clearly declared and scoped.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low · Confidence: Medium · Status: Note
SKILL.md
GET /api/positions ... GET /api/trades ... GET /api/tradr-config ... You can serve these from any HTTP server

The dashboard expects HTTP endpoints that expose positions, trade logs and config data, but the artifact provides no authentication or hosting guidance for them.

User impact: If the dashboard endpoints are served publicly, anyone can read your trading history, open positions and configuration.
Recommendation: Serve the dashboard only on localhost or behind authentication, and never expose the config or trade-log endpoints to the public internet.
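One way to follow that recommendation, as an added example that is not part of the skill or of ClawScan: a server for the three endpoint paths named in SKILL.md that binds to loopback only, requires a bearer token compared in constant time, and redacts key- and token-like fields from the config before serving it. The positions, trades and config values are constructed sample data; their field names, the `<redacted>` marker and the secret-name heuristic are assumptions for illustration.

```python
import hmac
import json
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Optional, Tuple
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed sample data standing in for the skill's real positions, trade
# log and config.json. The endpoint paths are the three named in SKILL.md;
# the field names below are assumptions for this example.
POSITIONS = [{"token": "EXAMPLE", "size": 12.5, "entry_price": 1.10}]
TRADES = [{"side": "buy", "token": "EXAMPLE", "size": 12.5, "ts": "2026-05-01T05:00:00Z"}]
CONFIG = {
    "dry_run": True,
    "max_trade_usd": 50,
    "telegram_bot_token": "123456:constructed-example",
    "bankr_api_key": "constructed-example-key",
}
SECRET_MARKERS = ("token", "key", "secret", "password")


def new_token() -> str:
    """Random bearer token; generate once and give it only to the dashboard client."""
    return secrets.token_urlsafe(32)


def is_authorized(header: Optional[str], token: str) -> bool:
    """Constant-time check of `Authorization: Bearer <token>`."""
    prefix = "Bearer "
    if not header or not header.startswith(prefix):
        return False
    return hmac.compare_digest(header[len(prefix):].encode(), token.encode())


def redact_config(cfg: Dict[str, object]) -> Dict[str, object]:
    """Keep API keys and bot tokens inside the process, even for an authenticated viewer."""
    return {
        k: "<redacted>" if any(m in k.lower() for m in SECRET_MARKERS) else v
        for k, v in cfg.items()
    }


ROUTES = {
    "/api/positions": lambda: POSITIONS,
    "/api/trades": lambda: TRADES,
    "/api/tradr-config": lambda: redact_config(CONFIG),
}


def make_handler(token: str):
    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the example quiet
            pass

        def do_GET(self):
            if not is_authorized(self.headers.get("Authorization"), token):
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Bearer realm="tradr"')
                self.end_headers()
                return
            route = ROUTES.get(self.path)
            if route is None:
                self.send_response(404)
                self.end_headers()
                return
            body = json.dumps(route()).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return Handler


def start_server(token: str, port: int = 0) -> Tuple[HTTPServer, int]:
    """Bind to loopback only, so the dashboard is unreachable from other hosts."""
    server = HTTPServer(("127.0.0.1", port), make_handler(token))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def fetch(port: int, path: str, token: Optional[str] = None) -> Tuple[int, object]:
    """Small client used to exercise the server; returns (status, decoded JSON or None)."""
    req = Request(f"http://127.0.0.1:{port}{path}")
    if token is not None:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:
        return err.code, None


if __name__ == "__main__":
    tok = new_token()
    server, port = start_server(tok)
    print(fetch(port, "/api/positions"))          # (401, None)
    print(fetch(port, "/api/tradr-config", tok))  # (200, {...}) with secrets redacted
    server.shutdown()
```

If the dashboard must be reached from another machine, keep the loopback bind and put an SSH tunnel or an authenticating reverse proxy in front of it rather than changing the bind address to 0.0.0.0.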