ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BinanceAlert

v1.0.1

Binance smart alert system. Monitors price/change alerts, new listings, Alpha airdrop opportunities, and HODLer announcements via Telegram. No Binance API Ke...

0· 143·0 current·0 all-time
by@cnwpdb
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the script polls Binance endpoints and sends alerts to Telegram. Requested binaries (python3) and env vars (TG_BOT_TOKEN, TG_CHAT_ID) are appropriate for the stated purpose. The script also interacts with Binance Web3 endpoints and CMS which are consistent with 'Alpha' and listing checks.
!
Instruction Scope
SKILL.md and the script explicitly state the code will read /data/freqtrade/user_data/.secrets.env (or system env) but this file path is not declared in requires.configPaths. Reading a shared secrets file is broader than necessary for a small alert script and could import unrelated secrets; the script also writes state to /data/freqtrade/user_data/binance_alert_state.json which is a shared location.
Install Mechanism
This is an instruction-only skill with no install spec — nothing is downloaded or written by an installer. That minimizes install-time risk.
!
Credentials
Declared env vars are limited and appropriate (TG_BOT_TOKEN, TG_CHAT_ID). However, the script auto-loads /data/freqtrade/user_data/.secrets.env into the process environment if present, which could expose other credentials or secrets stored there (e.g., exchange API keys or service tokens) without explicit user consent or declaration.
Persistence & Privilege
The skill persists state to /data/freqtrade/user_data/binance_alert_state.json and uses that path for initialization; it does not request 'always: true' or modify other skills. Persisting state in a shared application directory is reasonable for cron runs but may cause data overlap or permission concerns if run in an environment hosting other apps.
What to consider before installing
This skill generally matches its description (Binance → Telegram alerts) but it will automatically load /data/freqtrade/user_data/.secrets.env into its environment if present and writes state to /data/freqtrade/user_data/. Before installing: (1) inspect /data/freqtrade/user_data/.secrets.env to ensure it doesn't contain unrelated secrets you don't want the skill to read; (2) consider running the skill in an isolated directory or container with a dedicated .secrets.env that only contains TG_BOT_TOKEN and TG_CHAT_ID; (3) check file permissions on the state file path and consider changing STATE_FILE to a location under the skill's control; (4) review the full scripts/binance_alert.py for the truncated remainder (network endpoints, any unexpected remote endpoints, or code that might exfiltrate data). If you cannot confirm the contents of the shared .secrets.env or don't want this skill to access other secrets, do not install or run it in a shared environment.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
EnvTG_BOT_TOKEN, TG_CHAT_ID
latestvk976rf4163sf8nk8p59fhhmrvx837870
143downloads
0stars
2versions
Updated 2h ago
v1.0.1
MIT-0
@cnwpdb
latest
Download

BinanceAlert

Monitors Binance market events and pushes real-time alerts via Telegram.

Required Environment Variables

VariableDescription
TG_BOT_TOKENTelegram Bot Token (from @BotFather)
TG_CHAT_IDTelegram target Chat ID

The script reads these from /data/freqtrade/user_data/.secrets.env automatically, or from system environment variables directly.

Price Alert

python3 {baseDir}/scripts/binance_alert.py price <SYMBOL> <target_price> [above|below]

Example: alert when BTC breaks $100,000

python3 {baseDir}/scripts/binance_alert.py price BTCUSDT 100000 above

Change Alert (24h %)

python3 {baseDir}/scripts/binance_alert.py change <SYMBOL> <threshold_pct>

Example: alert when ETH moves more than 8% in 24h

python3 {baseDir}/scripts/binance_alert.py change ETHUSDT 8

New Listing Monitor

python3 {baseDir}/scripts/binance_alert.py listing

Alpha Airdrop Scanner

python3 {baseDir}/scripts/binance_alert.py alpha

Scans Binance Web3 Alpha tokens, scores by KYC holders, alpha points multiplier, and market cap.

Announcement Monitor (HODLer Airdrops)

python3 {baseDir}/scripts/binance_alert.py announcement

Run All Checks (for cron/timer)

python3 {baseDir}/scripts/binance_alert.py run

Status

python3 {baseDir}/scripts/binance_alert.py status

Notes

  • Requires TG_BOT_TOKEN and TG_CHAT_ID (read from .secrets.env or system env)
  • State persisted to /data/freqtrade/user_data/binance_alert_state.json
  • Price/change alerts auto-mark as triggered after firing, no duplicate pushes
  • New listing monitor initializes baseline on first run, no push
  • Recommended: run via systemd timer every 5 minutes using the run command

Comments

Loading comments...