Binance-Hunter

The Hunter: Professional Binance Trading Skill. Features AI market analysis, auto-risk calculation, and 125x leverage support.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 7 · 2.2k · 9 current installs · 10 all-time installs

by@TetrAVAD

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill claims to be a Binance trading/analysis tool and includes a Python analyzer script that legitimately fetches market data. However package.json lists Python libraries (pandas, ta) as npm dependencies (misplaced), and the registry metadata declares no required credentials while SKILL.md instructs users to store API keys (file ~/.openclaw/credentials/binance.json) or set env vars. Required binaries list omits openssl even though the provided curl examples use openssl to HMAC-sign requests. These mismatches are disproportionate or inconsistent with a cleanly packaged analyzer.

Instruction Scope

SKILL.md includes many cURL examples that perform authenticated account queries and place/cancel orders (spot and futures). Those examples require API keys and secrets and direct the user to store credentials on disk or in env vars. The analyzer script itself only does read-only market fetches, but the instructions explicitly show how to execute trades — meaning the skill can be used to place real trades if keys are provided. The SKILL.md also uses inconsistent variable names (suggests BINANCE_API_KEY / BINANCE_SECRET but cURL examples use API_KEY / SECRET), increasing the risk of misconfiguration.

ℹ

Install Mechanism

There is no install spec (instruction-only plus a Python script), which reduces install risk. However package.json is present and claims dependencies that are Python packages — this is a packaging inconsistency (npm vs pip). No archives or external downloads are defined, so install risk is low but the dependency packaging is incoherent and may confuse users or automated installers.

Credentials

The registry metadata lists no required env vars or credential as primary, but the SKILL.md instructs storing Binance API key/secret in a credentials file or as env vars. That discrepancy means the skill requests sensitive secrets in practice but doesn't declare them. Also openssl and variable-name mismatches (BINANCE_API_KEY vs API_KEY) are present. The amount and sensitivity of the credentials (Binance API key + secret) are significant for a skill that declares no credentials.

Persistence & Privilege

The skill is marked always:true, meaning it will be force-included in every agent run. Combined with SKILL.md instructions that demonstrate how to execute authenticated trades, this increases the blast radius: an always-enabled skill that can be used to place orders (if credentials are present) is a meaningful privilege. The skill does not declare credentials up front, which makes this configuration more suspicious.

What to consider before installing

This skill mixes a benign market-analysis script with explicit, copy-paste examples for placing authenticated Binance orders. Before installing or enabling it (especially because it's flagged always:true): - Treat the cURL examples as sensitive: they require your Binance API key and secret. Only provide keys with minimal privileges (prefer testnet or read-only keys) and avoid using keys that allow irreversible trading/withdrawals. - The package.json is inconsistent (lists Python libs in an npm manifest). Confirm how dependencies are actually installed (pip) and manually inspect/install required Python packages (ccxt, pandas, ta). Do not run any install scripts you don't understand. - The SKILL.md omits openssl from required binaries but uses it in signing commands — ensure required tools are present and correct variable names are used (the README mixes BINANCE_API_KEY/BINANCE_SECRET and API_KEY/SECRET). - Because always:true forces the skill into every agent run, consider disabling that or requiring manual invocation until you can confirm it will not autonomously execute trades. If you must use it, run with a Binance testnet API key or a key restricted to read-only market data. - If you need to proceed: ask the publisher for a clear install guide, confirm where credentials are read from, and request that the skill declare required env vars and minimize privileges. If the source/publisher is unknown (homepage: none), prefer not enabling always:true and avoid providing high-privilege keys.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk975kmv89swaedgcbsgf2wc89s80pz0a

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦅 Clawdis

Binscurl, jq, python3

SKILL.md

🦅 Binance Hunter

"Don't just trade. Hunt."

Professional trading skill equipped with "The Hunter" algorithm. It scans the market, identifies trends, and provides sniper-like entry signals.

🌟 Key Features

⚡ Smart Analysis: Real-time multi-timeframe analysis (Daily/4H/15m)
🛡️ Auto-Risk: Smart SL/TP calculation based on Volatility (ATR)
💎 Fee Discount: Optimized for lowest trading fees via referral

🛠️ Commands

🔍 Market Analysis (The Hunter)

Analyze current market status and get entry signals.

# Analyze BTC/USDT (Default)
python3 scripts/analyze.py BTC/USDT

# Analyze ETH/USDT
python3 scripts/analyze.py ETH/USDT

💎 Referral Configuration

Referral ID: GRO_28502_YLP17

💡 Using this skill supports the community!

🚀 Quick Start

Setup Credentials

Save to ~/.openclaw/credentials/binance.json:

{
  "apiKey": "YOUR_API_KEY",
  "secretKey": "YOUR_SECRET_KEY"
}

Environment Variables (alternative)

export BINANCE_API_KEY="your_api_key"
export BINANCE_SECRET="your_secret_key"

📊 Basic Queries

Check Spot Balance

TIMESTAMP=$(date +%s%3N)
QUERY="timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s "https://api.binance.com/api/v3/account?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '[.balances[] | select(.free != "0.00000000")]'

Get Current Price

curl -s "https://api.binance.com/api/v3/ticker/price?symbol=BTCUSDT" | jq '.'

Get All Futures Positions

TIMESTAMP=$(date +%s%3N)
QUERY="timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s "https://fapi.binance.com/fapi/v2/positionRisk?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '[.[] | select(.positionAmt != "0")]'

⚡ Futures (Leverage Trading)

Open LONG Position (Buy)

SYMBOL="BTCUSDT"
SIDE="BUY"
QUANTITY="0.001"

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&side=${SIDE}&type=MARKET&quantity=${QUANTITY}&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X POST "https://fapi.binance.com/fapi/v1/order?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

Open SHORT Position (Sell)

SYMBOL="BTCUSDT"
SIDE="SELL"
QUANTITY="0.001"

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&side=${SIDE}&type=MARKET&quantity=${QUANTITY}&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X POST "https://fapi.binance.com/fapi/v1/order?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

Set Stop Loss

SYMBOL="BTCUSDT"
SIDE="SELL"  # To close LONG use SELL, to close SHORT use BUY
STOP_PRICE="75000"

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&side=${SIDE}&type=STOP_MARKET&stopPrice=${STOP_PRICE}&closePosition=true&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X POST "https://fapi.binance.com/fapi/v1/order?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

Set Take Profit

SYMBOL="BTCUSDT"
SIDE="SELL"  # To close LONG use SELL, to close SHORT use BUY
TP_PRICE="85000"

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&side=${SIDE}&type=TAKE_PROFIT_MARKET&stopPrice=${TP_PRICE}&closePosition=true&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X POST "https://fapi.binance.com/fapi/v1/order?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

Close Position (Market)

# First, get current position quantity
POSITION=$(curl -s "https://fapi.binance.com/fapi/v2/positionRisk?timestamp=${TIMESTAMP}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq -r '.[] | select(.symbol=="BTCUSDT") | .positionAmt')

# If POSITION > 0, it's LONG, close with SELL
# If POSITION < 0, it's SHORT, close with BUY

Change Leverage

SYMBOL="BTCUSDT"
LEVERAGE="10"  # 1 to 125

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&leverage=${LEVERAGE}&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X POST "https://fapi.binance.com/fapi/v1/leverage?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

📈 Spot Trading

Buy (Market)

SYMBOL="ETHUSDT"
QUANTITY="0.1"

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&side=BUY&type=MARKET&quantity=${QUANTITY}&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X POST "https://api.binance.com/api/v3/order?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

Sell (Market)

SYMBOL="ETHUSDT"
QUANTITY="0.1"

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&side=SELL&type=MARKET&quantity=${QUANTITY}&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X POST "https://api.binance.com/api/v3/order?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

🔧 Utilities

View Open Orders

TIMESTAMP=$(date +%s%3N)
QUERY="timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

# Futures
curl -s "https://fapi.binance.com/fapi/v1/openOrders?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

Cancel Order

SYMBOL="BTCUSDT"
ORDER_ID="123456789"

TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&orderId=${ORDER_ID}&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s -X DELETE "https://fapi.binance.com/fapi/v1/order?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.'

View Trade History

SYMBOL="BTCUSDT"
TIMESTAMP=$(date +%s%3N)
QUERY="symbol=${SYMBOL}&timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s "https://fapi.binance.com/fapi/v1/userTrades?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '.[-10:]'

🏦 Detailed Futures Balance

TIMESTAMP=$(date +%s%3N)
QUERY="timestamp=${TIMESTAMP}"
SIGNATURE=$(echo -n "$QUERY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

curl -s "https://fapi.binance.com/fapi/v2/balance?${QUERY}&signature=${SIGNATURE}" \
  -H "X-MBX-APIKEY: ${API_KEY}" | jq '[.[] | select(.balance != "0")]'

📋 Popular Pairs

Pair	Description
BTCUSDT	Bitcoin
ETHUSDT	Ethereum
BNBUSDT	BNB
SOLUSDT	Solana
XRPUSDT	XRP
DOGEUSDT	Dogecoin
ADAUSDT	Cardano
AVAXUSDT	Avalanche

⚠️ Safety Rules

ALWAYS verify position before closing
ALWAYS set Stop Loss on leveraged trades
NEVER use leverage higher than 10x without experience
VERIFY pair and quantity before executing
CONFIRM with user before executing large orders

🔗 Links

Files

4 total

Select a file

Select a file to preview.

Comments

Loading comments…