Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Edge.Trade
vv4388.0.0Use when user asks about crypto tokens, trading, portfolios, or price alerts.
⭐ 0· 1.2k·4 current·4 all-time
by@lexomis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims trading, token inspection, portfolio and alert functionality which matches the SKILL.md and skill.yaml (orders, wallet, tokens, pairs). However the registry summary provided earlier stated 'Required env vars: none' while skill.yaml declares a required secret API_KEY — an inconsistency between registry metadata and the bundle that should be resolved.
Instruction Scope
SKILL.md instructs using an 'edge' MCP server with actions that include placing orders and managing an encrypted non-custodial wallet, and mentions delivering alerts to webhook, Redis, or Telegram. Those alert delivery options mean the skill (or its server) can send data to arbitrary external endpoints; combined with wallet and order actions this raises the risk of exfiltration or misuse if the server package behaves unexpectedly. The SKILL.md does not instruct reading unrelated local files, but the ability to spawn an MCP server that the agent will call expands the runtime surface.
Install Mechanism
skill.yaml uses 'npx -y @edgedottrade/edge --api-key ${API_KEY}' to spawn an MCP server. That will fetch and execute an unpinned package from npm at runtime (supply‑chain risk). The repository is provided (GitHub) which helps auditability, but npx with -y and no fixed version is higher risk than a pinned release or a known trusted binary.
Credentials
The bundle requires a secret API_KEY (key name in skill.yaml, described as 'sk-...') which is proportionate for a trading API, but the earlier registry summary claimed no required env vars — this mismatch is suspicious. Also, because the skill can manage wallets and place orders, ensure the API_KEY's scope is limited (do not supply broader cloud or exchange credentials) and confirm whether private keys or additional secrets will be requested.
Persistence & Privilege
always:false and normal agent invocation are used (no forced global installation). The skill requests network outbound and mcp spawn permissions to run the MCP server — expected for a networked trading tool but important to note because the spawned server will run code downloaded at runtime.
What to consider before installing
Do not install or provide secrets yet. Ask the publisher for: (1) an explicit, pinned package version (avoid npx with no version), (2) the exact npm package and GitHub repo commits/tags to review, and confirmation of what the API_KEY authorizes. Review the npm package/GitHub code yourself or ask for an audit to ensure it only performs the advertised actions. Be cautious about alert webhook destinations (they can be used to exfiltrate data) and never give unrelated credentials (AWS, exchange keys with withdrawal rights, or private keys) until you verify code and scope. If you must test, use limited-scope API keys, a dedicated test account, and monitor network activity and order permissions.Like a lobster shell, security has layers — review code before you run it.
latestvk977m9ppbv9yn4zwsx11df5q8n8511zk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.