v1.0.0

Upbit Trading Skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:21 AM.

Analysis

This crypto trading bot is mostly aligned with its stated purpose, but it runs an unbundled shell helper and passes financial account/position data through high-risk paths that should be reviewed before use.

GuidanceReview and fix the shell-based GLM call before running this bot. Only use a tightly scoped Upbit API key, preferably without withdrawal permissions, and be comfortable with position and PnL data being sent to the GLM helper. Do not run it unattended until the missing helper/dependency provenance and data-handling behavior are clear.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution

SeverityHighConfidenceHighStatusConcern

realtime-bot.js

`cd ${__dirname}/../zai && ./ask.sh "${prompt.replace(/"/g, '\\"')}" glm-4.7`

The bot runs a shell command for GLM analysis. Only double quotes are escaped, while prompt content can include local position data, so shell metacharacters or command substitution could cause unintended local command execution.

User impactA crafted local position/configuration value or unsafe install path could make the bot run commands on the user's machine when market analysis runs.

RecommendationUse execFile or spawn with an argument array instead of a shell string, quote paths safely, validate market/config values, and avoid passing untrusted text through a shell.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

realtime-bot.js

./ask.sh "${prompt.replace(/"/g, '\\"')}" glm-4.7

The runtime delegates GLM calls to a '../zai/ask.sh' helper that is not included in the provided file manifest or install specification, so a component executed during normal use is not reviewable from the supplied artifacts.

User impactInstalling or running the skill may depend on outside code whose behavior, provenance, and data handling are not visible here.

RecommendationBundle or clearly declare the GLM helper, pin its source/version, document required dependencies, and avoid automatically executing unreviewed sibling-directory scripts.

Rogue Agents

SeverityLowConfidenceHighStatusNote

realtime-bot.js

mainLoop(); ... setInterval(mainLoop, CONFIG.priceCheckInterval);

The bot starts immediately and continues running every 10 seconds until interrupted. This matches the disclosed real-time monitoring purpose, but it is still persistent activity while the process is alive.

User impactThe process will keep making price checks, GLM calls, and local event writes until the user stops it.

RecommendationRun it in a supervised terminal or process manager, monitor logs and API usage, and stop it explicitly when monitoring is no longer desired.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

balance.js

const ACCESS_KEY = process.env.UPBIT_ACCESS_KEY; const SECRET_KEY = process.env.UPBIT_SECRET_KEY; ... axios.get('https://api.upbit.com/v1/accounts'

The skill reads Upbit API credentials from environment variables and uses them to query account balances. This is purpose-aligned for an Upbit tool, but the registry metadata declares no credentials or required environment variables.

User impactThe skill can access financial account information through the user's Upbit API key, and the safety depends on the permissions granted to that key.

RecommendationUse the least-privileged Upbit API key possible, disable withdrawal permissions, consider IP restrictions, and ensure the skill metadata declares the required credentials.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

realtime-bot.js

const prompt = `당신은 암호화폐 트레이딩 봇입니다.\n포지션: ${pos.market}\n진입가: ${entryPrice}원\n현재가: ${currentPrice}원\n손익: ${(pnlPercent * 100).toFixed(2)}%`; ... const response = askGLM(prompt);

The bot packages local trading position, price, and PnL information into a prompt and sends it to the GLM helper during recurring analysis, but the artifacts do not define the provider identity, retention, or data boundary.

User impactSensitive trading-position details may be shared with an external AI/helper without clear disclosure of where the data goes or how it is retained.

RecommendationDocument exactly what data is sent to GLM, which provider/account is used, retention/privacy expectations, and provide an opt-in or redaction mode for sensitive position data.