ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Binance Exchange

v1.0.0

Fetch real-time prices, 24h stats, K-line charts, and market info for Binance spot trading pairs using the Binance API via proxy.

0· 138·1 current·1 all-time
bymoer@torchesfrms

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for torchesfrms/binance-exchange.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Binance Exchange" (torchesfrms/binance-exchange) from ClawHub.
Skill page: https://clawhub.ai/torchesfrms/binance-exchange
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install binance-exchange

ClawHub CLI

Package manager switcher

npx clawhub@latest install binance-exchange
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts implement public Binance REST queries (prices, klines, 24h stats) which matches the skill description. However, the skill metadata declares no required binaries while the scripts clearly require curl, jq and bc (and rely on a proxy). Declaring those binaries would be expected for this purpose.
!
Instruction Scope
SKILL.md and the scripts instruct network calls to https://api.binance.com only (expected). Concerns: SKILL.md references ./scripts/search.sh in examples but no search.sh file is present; token-info.sh claims "no proxy needed" while SKILL.md states a proxy is required and other scripts hard-code a local proxy (-x http://127.0.0.1:1082). These inconsistencies could cause surprising failures or indicate sloppy packaging.
Install Mechanism
No install spec and no remote downloads — the skill is instruction + local scripts only. No extracted archives or off-site install URLs were found, which is low risk from an installation perspective.
Credentials
No credentials or secret environment variables are requested (good). The skill asks users to set HTTP_PROXY/HTTPS_PROXY to a local proxy; that is plausible for region-restricted API access but requires the user to provide/trust the proxy. token-info.sh reads HTTP_PROXY optionally but does not consistently use it.
Persistence & Privilege
The skill does not request persistent presence, does not alter other skills, and does not claim elevated privileges. always is false and there is no install step that modifies system or agent configuration.
What to consider before installing
This skill appears to do what it says (query Binance public endpoints) but I recommend the following before using or installing it: 1) Verify dependencies: install and trust curl, jq, and bc — the scripts need them but the metadata doesn't declare them. 2) Check the missing script: SKILL.md references scripts/search.sh which isn't included; ask the author or remove references. 3) Resolve proxy inconsistencies: decide whether a proxy is required; if you must use a proxy, only use one you trust (running a local proxy can route traffic through third parties). 4) Review scripts locally before execution — they make outbound HTTPS requests to api.binance.com and do not exfiltrate other data, but always run untrusted scripts in an isolated environment. 5) If you need stronger assurance, request an updated package from the author that declares dependencies and fixes the documentation mismatches.

Like a lobster shell, security has layers — review code before you run it.

latestvk977a25y88d2zsah7c7r9y483h839mg9
138downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
moer@torchesfrms
latest
Download

Binance Exchange Skill

Query Binance spot exchange data via API. Requires proxy for network access.

Prerequisites

Proxy Configuration:

# Uses system proxy
export HTTP_PROXY="http://127.0.0.1:1082"
export HTTPS_PROXY="http://127.0.0.1:1082"

Note: Binance API may be restricted in certain regions. Use a proxy node in allowed regions (HK/SG/JP/UK/DE).

API Endpoints

EndpointUse Case
/api/v3/ticker/priceReal-time prices
/api/v3/ticker/24hr24h statistics
/api/v3/klinesK-line/candlestick data
/api/v3/exchangeInfoTrading rules & symbols

Scripts

1. Price Query

# Single symbol
./scripts/price.sh BTCUSDT

# Multiple symbols
./scripts/price.sh BTCUSDT ETHUSDT BNBUSDT

2. 24h Change (via K-lines)

# Single symbol
./scripts/change.sh BTCUSDT

# Top gainers (requires custom processing)
./scripts/gainers.sh

3. K-Line Data

# BTC 1hour K-line (100 candles)
./scripts/kline.sh BTCUSDT 1h 100

# ETH 4hour K-line
./scripts/kline.sh ETHUSDT 4h 50

4. Token Info (New!)

# Get basic price
./scripts/token-info.sh BTCUSDT

# Get 24h statistics
./scripts/token-info.sh BTCUSDT stats

Returns:

  • Symbol, price, 24h change, change %, 24h high/low, volume, quote volume

5. Search Symbols

# Search USDT pairs
./scripts/search.sh USDT

Quick Reference

DataCommand
BTC price./scripts/price.sh BTCUSDT
24h stats./scripts/token-info.sh BTCUSDT stats
K-line./scripts/kline.sh BTCUSDT 1h 100

Rate Limits

  • 1200 requests/minute (public endpoints)
  • Use caching for frequent queries

Comments

Loading comments...