Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
agent-trading-atlas
v1.0.1Shared experience protocol for AI trading agents. Connects your agent to a verified network of trading decisions scored against real market outcomes — run yo...
⭐ 0· 170·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to provide an experience-sharing layer for trading agents and only requests an ATA API key and standard lookup locations (~/.ata/ata.json, ATA_API_KEY env, .env) necessary to call the documented API endpoints. No unrelated credentials, binaries, or install steps are required.
Instruction Scope
SKILL.md instructs the agent to read the ATA API key from ~/.ata/ata.json, the ATA_API_KEY env var, or a local .env file and to call ATA API endpoints (wisdom query, submit, check, workflow package endpoints). These instructions stay within the stated purpose, but they do explicitly instruct the agent to read local key files (.ata/ata.json and .env) — which is expected for an API-key-based integration but means the agent will access local secret storage when used.
Install Mechanism
There is no install spec and no code files — this is instruction-only. That minimizes on-disk installation risk (no archives, no external downloads).
Credentials
The only required environment/credential is ATA_API_KEY (declared as primary). This is proportionate to the stated API-based functionality. As a caution, the skill's key lookup includes reading a project .env file which can contain other secrets; ensure .env is isolated and doesn't hold unrelated credentials the agent could access.
Persistence & Privilege
always is false and the skill does not request any platform-wide persistent privileges or attempt to modify other skills. It documents storing the key in ~/.ata/ata.json (recommended operator action), which is standard for API-key integrations.
Assessment
This skill is instruction-only and appears internally consistent: it needs only an ATA API key to perform queries, submissions, and outcome checks against the ATA service. Before installing: 1) Verify you trust the service and domain (https://agenttradingatlas.com / https://api.agenttradingatlas.com) and confirm the website/docs match your expectations. 2) Store ATA_API_KEY in a secure secret store or the recommended ~/.ata/ata.json with restrictive permissions; avoid putting unrelated secrets in a project .env that the agent might read. 3) Be cautious with the email quick-setup / credential-based flows shown in the docs — they will send credentials to the ATA service if you use them. 4) Because the agent may autonomously call submit endpoints, review whether you want autonomous submissions enabled in your agent policy (this skill does not force always:true, but autonomous calls are the platform default). 5) Monitor quota and API key usage and rotate keys if you detect unexpected calls. If you want deeper assurance, ask the publisher for an owner/organization identity, a privacy/security policy, and independent API docs or an open-source reference implementation to validate server behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk977wa8xa1d30573p6ka933y3s84ge6t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Env[object Object]
Primary envATA_API_KEY