ClawHub

Tradebot Alpha

v0.1.14

Read-only signal fetcher for TradeBot Alpha API. Subscription required for Pro tier.

0· 104·0 current·0 all-time
by@zalcmann
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim a read-only signal fetcher and the code and README implement exactly that: CLI that calls https://tradebot-alpha.bluefeza.com/api/v1 endpoints with a provided API key. No unrelated credentials, binaries, or capabilities are requested.
Instruction Scope
SKILL.md and README instruct running the CLI with --key and request only status/analyze commands. The runtime code only contacts the documented API endpoints and prints results; it does not read files, environment variables, or send data to other endpoints.
Install Mechanism
No install spec is provided (instruction-only installer expected). The package includes source but does not download or extract external artifacts. This is low-risk and proportionate for a connector.
Credentials
No required environment variables or primary credential declared; the CLI accepts an API key via --key. The skill does not request unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill is user-invocable; it does not attempt to persist configuration outside its own runtime behavior or modify other skills. Autonomous invocation is allowed by platform default but not unusual here.
Assessment
This connector appears to be a simple read-only CLI that calls the TradeBot Alpha API when you supply an API key. Before installing, verify the publisher and the homepage (https://tradebot-alpha.bluefeza.com), confirm subscription terms if you plan to use Pro features, and only provide keys you trust to this service. If you need extra assurance, review the included src/index.js (it only issues HTTPS requests to the documented API and prints responses) and prefer passing the key at runtime rather than storing it in shared config. If you do not trust the external service or the publisher, do not supply your API key.

Like a lobster shell, security has layers — review code before you run it.

apivk97b46n06fjy9w3js6ywg94ans83xtpgconnectorvk979htc1kkq8wb22jx1gc5sk8183wt7xcryptovk9719hqpv0ed7g5zd4g88e3x4983ww3glatestvk97b46n06fjy9w3js6ywg94ans83xtpgread-onlyvk979htc1kkq8wb22jx1gc5sk8183wt7xsignalsvk97b46n06fjy9w3js6ywg94ans83xtpgtradingvk97b46n06fjy9w3js6ywg94ans83xtpg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments