Skill v1.3.0
ClawScan security
Trading Signals Ws · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 11:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with a WebSocket-based crypto signal bot that sends Telegram alerts; it requests only expected network access and a Telegram token/chat ID and does not appear to exfiltrate unrelated data.
- Guidance: This skill appears to do what it claims: it connects to public exchange feeds, computes indicators, and posts alerts to Telegram. Before installing:
  1. Review config.py and do not put unrelated secrets into it; only provide TG_BOT_TOKEN and TG_CHAT_ID if you want alerts.
  2. Run the bot as a dedicated, non-root user (do not deploy the example systemd unit with WorkingDirectory=/root), and run it inside a virtualenv so dependencies are isolated.
  3. Inspect the full signal_bot.py (especially any parts not visible in the truncated paste) to confirm it only contacts exchange public APIs and Telegram.
  4. Be cautious about subscribing or sharing credentials with third-party services advertised in the README (tinyore.com) — they are separate from this code.
  5. Keep your Telegram bot token private: anyone with it can send messages from your bot. If you plan to use exchange private endpoints later, only provide exchange API keys with minimal scopes and consider hardware isolation.
Review Dimensions
- Purpose & Capability
  - Status: ok
  - Name/description (WebSocket price feeds → strategies → Telegram alerts) match the included scripts and SKILL.md. The code subscribes to Bybit public feeds, computes indicators, and posts alerts to Telegram as described. No unrelated credentials, binaries, or services are requested.
- Instruction Scope
  - Status: note
  - Runtime instructions tell the agent to install websockets/ccxt/requests, copy/edit config.py, and run the provided script — all reasonable. SKILL.md also advertises a third-party hosted API (tinyore.com) and a Telegram contact; the code does not appear to call that API, but the marketing text could lead users to external services. The systemd example uses /root in WorkingDirectory, which is a poor default (see user guidance).
- Install Mechanism
  - Status: ok
  - No packaged install spec; Quick Start uses pip to install standard libraries (websockets, ccxt, requests). No downloads from untrusted URLs or archive extraction. Code files are provided in the repo and nothing in the manifest suggests a high-risk install step.
- Credentials
  - Status: ok
  - The only sensitive values the skill expects are TG_BOT_TOKEN and TG_CHAT_ID (used only to send Telegram messages). The included config template offers environment variables as an option but does not request unrelated credentials (no AWS, exchange private keys, or system secrets). ccxt is used for public OHLCV data without API keys.
- Persistence & Privilege
  - Status: note
  - The skill persists local state (signal_state.json) and writes logs (signal_bot.log), which is normal for a long-running bot. It does not request elevated platform privileges. However, the provided systemd example writes a unit that runs the service under /root and would run as root if used as-is; users should run the service under a dedicated non-root user and secure the working directory.
