Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Avantis Skill
v1.0.1

Execute leverage trading on Avantis (Base). Long/short crypto, forex, commodities with up to 100x leverage. Uses Python SDK with direct wallet integration.
⭐ 0 · 1.3k · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: high

Purpose & Capability
Functionality (open/close trades, check positions) matches the description. However, the skill expects direct wallet private-key access yet declares no credentials or config requirements — instead the code either hardcodes a private key or reads /home/ubuntu/clawd/MAIN_WALLET.txt. Asking for raw private keys is expected for on-chain trading, but the way keys are provided (hardcoded in repo and/or read from an absolute host path) is disproportionate and unsafe.
Instruction Scope
SKILL.md instructs running the included Python scripts. The scripts access sensitive data outside the skill (reads /home/ubuntu/clawd/MAIN_WALLET.txt) and some files contain a hardcoded private key literal. The SKILL.md/README do not declare or warn that scripts will read host files, nor do they require or document secure secret handling — this scope creep (access to arbitrary local host files containing secrets) is dangerous and not properly declared.
Install Mechanism
No install spec or remote downloads are present (instruction-only plus included Python scripts). Dependency on an external Python SDK (avantis-trader-sdk) is declared in documentation but not installed automatically. No suspicious external URLs or archive extraction were used by the skill itself.
Credentials
The package declares no required environment variables or primary credential, yet scripts require a private key. Worse, two scripts embed a literal private key string and several scripts read a specific file path (/home/ubuntu/clawd/MAIN_WALLET.txt) and extract a line. This is disproportionate and unsafe: secrets are present in the codebase and the skill will access host files without explicit, declared permissions or guidance for secure handling.
Persistence & Privilege
The always flag is false and the skill is user-invocable, but autonomous invocation is allowed by default. Combined with embedded/read private keys, autonomous invocation increases the blast radius: an agent could run trades or move funds using the available keys. The skill does not request persistent platform-wide privileges, but its ability to act programmatically on a private key is a significant operational privilege.
What to consider before installing
Do not run this skill or its scripts on any machine that holds real funds or private keys. Specific concerns: (1) The repo contains a hardcoded private key literal in multiple scripts — treat that as compromised and dangerous. (2) Several scripts read a hard-coded absolute file path (/home/ubuntu/clawd/MAIN_WALLET.txt) to extract a private key, which means the skill will look for and use host-stored secrets without clear consent or declaration. Before using: verify the key(s) are not real (rotate any key that matches the literal), remove hardcoded keys, and change the scripts to accept keys via a secure secret store or prompt (do not store plaintext on disk). Run the skill only in an isolated test environment with an empty/test wallet and limited funds. Ask the author for upstream source, audits, and a secure secret-handling design (use environment variables or a secrets manager, and do not hardcode keys or read arbitrary host paths). If unsure, prefer not to install.

Like a lobster shell, security has layers — review code before you run it.
latest: vk9759naym12syfcakvaf57rm1h80jdqe
