Binance Spot Trader
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a real Binance trading bot: it can place unattended MARKET orders using powerful API keys, and some of the safety controls its documentation describes are not actually enforced in the code.
Install only if you fully understand that this can trade real funds. Start with Binance testnet or a small restricted sub-account, disable withdrawals, IP-restrict the API key, and do not run it via cron until the missing risk controls are fixed and you have independent monitoring and spending limits.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The bot can spend or sell real crypto assets, causing losses, fees, tax events, or unintended portfolio changes.
The implementation submits live Binance MARKET orders automatically from its own trading signals. The artifacts do not show per-order user confirmation, a testnet/dry-run default, or hard spending/loss enforcement before placing orders.
```python
params = {"symbol": symbol, "side": side, "type": "MARKET", "quantity": f"{quantity:.6f}"}
result = api_post("/api/v3/order", params)
...
if signal == "BUY": ... place_order(symbol, "BUY", qty)
elif signal == "SELL": ... place_order(symbol, "SELL", held)
```
Use only with Binance testnet or a limited sub-account until reviewed. Add an explicit dry-run mode, per-trade confirmation, symbol allowlists, daily spend/loss caps, and enforced maximum position limits before live use.
A user may believe the bot has risk controls that limit positions, stop losses, or schedule DCA buys, while the implementation can continue buying or selling without those protections.
The skill documentation advertises MAX_POSITIONS, TAKE_PROFIT_PCT, STOP_LOSS_PCT, and DCA_INTERVAL controls, but the code only defines some of these values (the excerpt below reads MAX_POSITIONS, TP_PCT and SL_PCT from the environment) and never uses them: nothing limits the number of open positions, evaluates take-profit or stop-loss, or spaces DCA buys by an interval. DCA mode buys on every run of the script.
```python
MAX_POSITIONS = int(os.getenv("MAX_POSITIONS", "5"))
TP_PCT = float(os.getenv("TAKE_PROFIT_PCT", "5"))
SL_PCT = float(os.getenv("STOP_LOSS_PCT", "3"))
...
elif STRATEGY == "dca":
    signal = "BUY"  # DCA always buys
```
Do not rely on the advertised risk controls until the implementation is fixed. The skill should either enforce these controls in code or clearly remove/mark them as unsupported.
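The two findings above (unconfirmed live MARKET orders, and advertised controls that are never enforced) call for the same fix: a gate that every order must pass before `api_post("/api/v3/order", ...)` is called. The following is an added example of such a gate, not code from the skill or from ClawScan. `RiskConfig`, `RiskState`, the daily spend cap, the symbol allowlist, the dry-run default, the `submit` callback (standing in for the skill's `place_order`) and the choice of seconds for DCA_INTERVAL are all assumptions about how the fix could look; the defaults mirror the values the excerpt reads from the environment.

```python
"""Pre-trade risk gate that actually enforces the controls SKILL.md advertises.
Added example, not the skill's own code: RiskConfig, RiskState, the daily spend
cap, the allowlist, the dry-run default and the `submit` callback are assumptions."""
import time
from dataclasses import dataclass, field


@dataclass
class RiskConfig:
    strategy: str = "dca"
    max_positions: int = 5            # MAX_POSITIONS
    take_profit_pct: float = 5.0      # TAKE_PROFIT_PCT
    stop_loss_pct: float = 3.0        # STOP_LOSS_PCT
    dca_interval_s: int = 24 * 3600   # DCA_INTERVAL, assumed to be in seconds
    daily_spend_cap: float = 500.0    # quote asset (e.g. USDT) per UTC day, assumed control
    allowed_symbols: frozenset = frozenset({"BTCUSDT", "ETHUSDT"})  # assumed allowlist
    dry_run: bool = True              # live orders only when explicitly switched off


@dataclass
class Position:
    qty: float
    entry_price: float                # volume-weighted average fill price


@dataclass
class RiskState:
    positions: dict = field(default_factory=dict)   # symbol -> Position
    spent_today: float = 0.0                         # caller resets at UTC midnight
    last_buy_ts: dict = field(default_factory=dict)  # symbol -> epoch seconds


class RiskViolation(Exception):
    pass


def exit_signal(cfg, pos, last_price):
    """Take-profit / stop-loss check: the original defines the thresholds but never runs one."""
    change_pct = (last_price - pos.entry_price) / pos.entry_price * 100.0
    if change_pct >= cfg.take_profit_pct:
        return "TAKE_PROFIT"
    if change_pct <= -cfg.stop_loss_pct:
        return "STOP_LOSS"
    return None


def check_order(cfg, state, symbol, side, qty, price, now):
    """Return the reason an order must be refused, or None if every control passes."""
    if symbol not in cfg.allowed_symbols:
        return f"{symbol} not in symbol allowlist"
    if qty <= 0 or price <= 0:
        return "quantity and price must be positive"
    notional = qty * price
    pos = state.positions.get(symbol)
    if side == "BUY":
        if pos is None and len(state.positions) >= cfg.max_positions:
            return "MAX_POSITIONS reached"
        if state.spent_today + notional > cfg.daily_spend_cap:
            return "daily spend cap exceeded"
        last = state.last_buy_ts.get(symbol)
        if cfg.strategy == "dca" and last is not None and now - last < cfg.dca_interval_s:
            return "DCA_INTERVAL not elapsed"
        return None
    if side == "SELL":
        if pos is None or qty > pos.qty + 1e-12:
            return "cannot sell more than held"
        return None
    return f"unknown side {side!r}"


def record_fill(state, symbol, side, qty, price, now):
    """Update state only after the exchange reported the fill."""
    pos = state.positions.get(symbol)
    if side == "BUY":
        if pos is None:
            state.positions[symbol] = Position(qty, price)
        else:
            total = pos.qty + qty
            pos.entry_price = (pos.entry_price * pos.qty + price * qty) / total
            pos.qty = total
        state.spent_today += qty * price
        state.last_buy_ts[symbol] = now
    else:
        pos.qty -= qty
        if pos.qty <= 1e-12:
            del state.positions[symbol]


def place_order_guarded(cfg, state, submit, symbol, side, qty, price, now=None):
    """Run the gate, then either report a dry run or call submit(symbol, side, qty),
    the caller's real order function (the skill's place_order / api_post wrapper)."""
    now = time.time() if now is None else now
    reason = check_order(cfg, state, symbol, side, qty, price, now)
    if reason:
        raise RiskViolation(reason)
    if cfg.dry_run:
        return {"status": "DRY_RUN", "symbol": symbol, "side": side, "qty": qty}
    result = submit(symbol, side, qty)
    if result.get("status") == "FILLED":
        fill_price = float(result["fills"][0]["price"]) if result.get("fills") else price
        record_fill(state, symbol, side, qty, fill_price, now)
    return result
```

The gate refuses rather than clamps: an order that breaks a control is not shrunk to fit, it is rejected with a reason the caller can log and alert on. Note also that state is only mutated after a FILLED response, so a rejected or errored order cannot consume the daily cap or reset the DCA clock, and `dry_run` defaults to on so a fresh deployment never trades until someone turns it off deliberately.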
Even without withdrawal permission, a compromised or misused trading key can convert assets, incur fees, or lose funds through bad trades.
Trading credentials are expected for this purpose and the documentation warns to disable withdrawals, but the Binance key still grants delegated authority to read account balances and place spot trades.
- **Binance account** with API keys (spot trading enabled, withdrawal DISABLED)
...
```
BINANCE_API_KEY=<your-api-key>
BINANCE_SECRET_KEY=<your-secret-key>
LLM_API_KEY=<anthropic-api-key>
```
Use a Binance sub-account with minimal funds, disable withdrawals, IP-restrict the API key, grant only the minimum trading permissions, and rotate the key if exposed.
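The documentation only asks the user to disable withdrawals; nothing in the artifacts verifies that the key actually has that shape before trading starts. The following added example (not the skill's or ClawScan's code) is a start-up preflight that builds the signed request for Binance's "Get API Key Permission" endpoint (`GET /sapi/v1/account/apiRestrictions`, signed with HMAC-SHA256 over the query string as Binance's signed endpoints require) and refuses to run unless the key is read+spot only and IP-restricted. The response field names follow Binance's documented response for that endpoint as far as I know it; check them against the current API docs. The two sample responses are constructed, and the request is built but not sent, so the block runs offline.

```python
"""Start-up preflight for the Binance key: build the signed permissions request
and refuse to trade unless the key is read+spot only and IP-restricted.
Added example, not the skill's own code; the sample responses are constructed."""
import hashlib
import hmac
import time
from urllib.parse import urlencode

BASE_URL = "https://api.binance.com"      # https://testnet.binance.vision for the spot testnet
RESTRICTIONS_PATH = "/sapi/v1/account/apiRestrictions"   # "Get API Key Permission" (USER_DATA)

# Flags a spot bot needs on, and flags that must be off for a trade-only key.
# Field names follow Binance's documented response (verify against current docs).
REQUIRED_ON = ("enableReading", "enableSpotAndMarginTrading")
MUST_BE_OFF = ("enableWithdrawals", "enableInternalTransfer", "permitsUniversalTransfer",
               "enableFutures", "enableMargin", "enableVanillaOptions")


def sign_query(secret: str, params: dict) -> str:
    """Binance signing: HMAC-SHA256 over the URL-encoded query, hex digest appended as `signature`."""
    query = urlencode(params)
    sig = hmac.new(secret.encode("ascii"), query.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{query}&signature={sig}"


def restrictions_request(api_key: str, secret: str, now_ms=None, base_url=BASE_URL) -> dict:
    """URL and headers for the signed GET; sending it (e.g. requests.get) is left to the caller."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    query = sign_query(secret, {"recvWindow": 5000, "timestamp": now_ms})
    return {"url": f"{base_url}{RESTRICTIONS_PATH}?{query}",
            "headers": {"X-MBX-APIKEY": api_key}}


def key_problems(restrictions: dict) -> list:
    """Everything wrong with the key's permissions; an empty list means it is safe to proceed."""
    problems = []
    if not restrictions.get("ipRestrict"):
        problems.append("key is not IP-restricted")
    for flag in REQUIRED_ON:
        if not restrictions.get(flag):
            problems.append(f"{flag} is off (bot cannot read balances / place spot orders)")
    for flag in MUST_BE_OFF:
        if restrictions.get(flag):
            problems.append(f"{flag} is on (wider authority than a spot bot needs)")
    return problems


def preflight(restrictions: dict) -> bool:
    """Gate the bot's start on the key check; call this before any order is placed."""
    problems = key_problems(restrictions)
    for p in problems:
        print("REFUSING TO START:", p)
    return not problems


# Constructed sample responses: same shape as the real endpoint, values invented.
SAMPLE_BAD = {"ipRestrict": False, "enableReading": True, "enableSpotAndMarginTrading": True,
              "enableWithdrawals": True, "enableInternalTransfer": True,
              "permitsUniversalTransfer": True, "enableFutures": False,
              "enableMargin": False, "enableVanillaOptions": False}
SAMPLE_GOOD = {"ipRestrict": True, "enableReading": True, "enableSpotAndMarginTrading": True,
               "enableWithdrawals": False, "enableInternalTransfer": False,
               "permitsUniversalTransfer": False, "enableFutures": False,
               "enableMargin": False, "enableVanillaOptions": False}

if __name__ == "__main__":
    print(restrictions_request("demo-key", "demo-secret", now_ms=1715342400000)["url"])
    print("bad key may trade?", preflight(SAMPLE_BAD))
    print("good key may trade?", preflight(SAMPLE_GOOD))
```

Run the preflight once per process start, not once at install time: keys get re-edited, and a key that was trade-only yesterday can have withdrawals enabled today. Treat any failure as fatal rather than a warning in the log, since an unattended bot has nobody reading warnings.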
The bot can keep trading after the user stops watching it, especially if market conditions or configuration are wrong.
The documentation encourages recurring unattended execution every five minutes. For a live trading bot, this creates persistent autonomous financial activity without an artifact-backed stop condition or review checkpoint.
Or via cron:
```
*/5 * * * * cd /opt/trader && python3 trader.py >> trader.log 2>&1
```
Avoid unattended cron use until strict limits and alerting are in place. Add a kill switch, max runtime, daily trade cap, and monitoring for failed or repeated orders.
Anyone with access to the working directory may learn the user's trading activity and approximate position history.
The script writes local trade history containing symbols, side, quantity, result, and price. This is purpose-aligned monitoring data, but it is sensitive financial activity stored on disk.
```python
TRADES_LOG = Path("trades.jsonl")
...
f.write(json.dumps({"ts": datetime.now(timezone.utc).isoformat(), "symbol": symbol,
    "side": side, "qty": quantity, "result": result.get("status", "UNKNOWN"),
    "price": float(result.get("fills", [{}])[0].get("price", 0)) if result.get("fills") else 0
}) + "\n")
```
Store logs in a protected directory, restrict file permissions, avoid shared machines, and rotate or delete old logs when no longer needed.
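The cron finding (no stop condition, no review checkpoint) and the log finding (trade history readable by anyone with access to the working directory) can be addressed together, because the trade log is the natural place for a run-level circuit breaker to read its state from. The following added example (not the skill's or ClawScan's code) wraps one cron tick: it takes a lock so ticks cannot overlap, honours a kill-switch file, stops after a daily trade cap or a run of consecutive non-filled orders, and writes the log with mode 0600 inside a 0700 directory. The state directory, the `STOP` and `run.lock` file names, both caps, and `make_trade` (a stand-in for the bot's signal-plus-order logic) are assumptions; `demo()` exercises the guards against constructed records in a temporary directory. It uses `fcntl`, so it is Unix-only, like the cron line it guards.

```python
"""Guards for unattended (cron) runs plus a protected trade log.
Added example, not the skill's own code: the kill-switch file, lock file,
state directory and caps are assumptions; demo() uses constructed records."""
import fcntl
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MAX_TRADES_PER_DAY = 10          # assumed cap; tune per account
MAX_CONSECUTIVE_FAILURES = 3     # stop after this many non-filled orders in a row
OK_STATUSES = {"NEW", "PARTIALLY_FILLED", "FILLED", "DRY_RUN"}   # anything else counts as a failure


def ensure_private_dir(path: Path) -> Path:
    """State directory readable only by the bot's own user."""
    path.mkdir(parents=True, exist_ok=True)
    os.chmod(path, 0o700)
    return path


def append_trade(log: Path, record: dict) -> None:
    """Append one record, creating the file with mode 0600 regardless of umask."""
    fd = os.open(log, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a") as f:
        f.write(json.dumps(record, sort_keys=True) + "\n")


def read_trades(log: Path) -> list:
    if not log.exists():
        return []
    return [json.loads(line) for line in log.read_text().splitlines() if line.strip()]


def refuse_reason(trades: list, kill_switch: bool, now: datetime):
    """Why this run must not place an order, or None if it may proceed."""
    if kill_switch:
        return "kill switch present"
    today = now.date().isoformat()
    if sum(1 for t in trades if t["ts"].startswith(today)) >= MAX_TRADES_PER_DAY:
        return "daily trade cap reached"
    streak = 0                                   # failures since the last accepted order
    for t in reversed(trades):
        if t.get("result") in OK_STATUSES:
            break
        streak += 1
    if streak >= MAX_CONSECUTIVE_FAILURES:
        return f"{streak} consecutive failed orders"
    return None


def run_once(state_dir: Path, make_trade, now=None) -> str:
    """One cron tick: take the lock, consult the guards, trade at most once, log it."""
    now = now or datetime.now(timezone.utc)
    ensure_private_dir(state_dir)
    log = state_dir / "trades.jsonl"
    with open(state_dir / "run.lock", "w") as lock:   # lock released when the file closes
        try:
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return "another run in progress"          # previous tick still running
        reason = refuse_reason(read_trades(log), (state_dir / "STOP").exists(), now)
        if reason:
            return "refused: " + reason
        record = make_trade()                         # the bot's signal + order logic
        record["ts"] = now.isoformat()
        append_trade(log, record)
        return record["result"]


def demo() -> dict:
    """Constructed scenario in a temp dir: three failed orders trip the breaker,
    then a STOP file blocks further runs. Returns the observed outcomes and modes."""
    state = Path(tempfile.mkdtemp())
    now = datetime(2026, 5, 10, 12, 0, tzinfo=timezone.utc)
    failed = lambda: {"symbol": "BTCUSDT", "side": "BUY", "qty": 0.001, "result": "UNKNOWN"}
    filled = lambda: {"symbol": "BTCUSDT", "side": "BUY", "qty": 0.001, "result": "FILLED"}
    runs = [run_once(state, filled, now)]
    runs += [run_once(state, failed, now) for _ in range(3)]
    runs.append(run_once(state, filled, now))         # breaker trips here
    (state / "STOP").touch()
    runs.append(run_once(state, filled, now))         # kill switch
    return {"runs": runs,
            "records": len(read_trades(state / "trades.jsonl")),
            "log_mode": oct((state / "trades.jsonl").stat().st_mode & 0o777),
            "dir_mode": oct(state.stat().st_mode & 0o777)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two details matter for the cron case specifically: the breaker is derived from the log rather than from in-memory state, because each cron tick is a fresh process, and the kill switch is a file the operator can create from any shell (`touch .../STOP`) without editing the crontab or racing a running tick. Monitoring can then alert on any run whose return value starts with `refused:`.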
