ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TradingFlow — AI-Powered Intent Trading Across Crypto, Stocks & More

v0.0.2

Create and manage crypto trading strategies, deploy automated trading bots, and control on-chain vaults on BSC, Aptos, and Solana. Use when the user wants to...

1· 62·0 current·0 all-time
byCaesar Lynch@thecleopatra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name and description match the included instructions (manage strategies, deploy bots, control vaults). However the registry metadata claims no required env vars or binaries while the SKILL.md and included scripts explicitly require TRADINGCLAW_API_KEY, TRADINGCLAW_BASE_URL, TRADINGCLAW_SITE_URL and tools like curl/jq/python/node. That mismatch between declared requirements and actual runtime needs is an incoherence and reduces trust in the package metadata.
!
Instruction Scope
The SKILL.md tells the agent to perform many high-sensitivity actions: validate API access, create strategies/processes, create and store secrets (VAULT_ORACLE_KEY), generate approval links and poll approval status, and guide users to set environment variables. This is broadly consistent with a trading platform, but the instructions contain contradictions (e.g., earlier 'Do NOT use GET /auth/me for validation' vs later 'Check GET /auth/me → data.user.rdMode.enabled') and grants the agent discretion to create persistent automated execution (Mode 2) and secrets. Webhook docs also show inbound URLs 'No authentication required' for inbound triggers — a notable operational/security risk if relied on without HMAC secrets.
Install Mechanism
No install spec (instruction-only) and included scripts are simple shell curl wrappers. There are no downloads from arbitrary URLs or package installs. This minimizes on-disk risk from the installer itself.
!
Credentials
The manifest claims no required environment variables, but the SKILL.md and scripts require TRADINGCLAW_API_KEY, TRADINGCLAW_BASE_URL, and optionally TRADINGCLAW_SITE_URL; other referenced runtime variables include TFP_SECRET_TOKEN, VAULT_ORACLE_KEY, BSC_RPC_URL, and more. Those secrets are highly sensitive (private keys / API keys). While such credentials are proportionate to a vault/trading skill, they are not declared in the registry metadata and the skill explicitly guides users to create and store private oracle keys — a dangerous operation if the back-end or publisher is untrusted.
Persistence & Privilege
always:false (normal) and the skill can be invoked autonomously. The skill instructs creating long-lived cloud processes and storing secrets on the TradingFlow platform; that is expected for a trading automation product but increases blast radius because the agent can set up processes that sign transactions (Mode 2). This combined with the other inconsistencies (undeclared env vars and guidance to store private keys) elevates the risk profile.
What to consider before installing
Key things to consider before installing or using this skill: - Metadata mismatch: The skill registry lists no required credentials, but the SKILL.md and scripts require TRADINGCLAW_API_KEY and TRADINGCLAW_BASE_URL. Ask the publisher why registry metadata omits these and insist they be declared. - Do not hand over private keys lightly: The skill's Mode 2 workflow asks you to generate and store an 'Oracle' private key (VAULT_ORACLE_KEY). Only do this if you fully trust the platform, have audited the service, and understand that this key can sign on-chain transactions (even if scoped by permissions). Prefer Mode 1 (manual approvals) whenever possible. - Start with least privilege: If you test the skill, create an API key with minimal scope, grant agent permissions = 1 (SWAP only), and set conservative token spending limits. Use testnet or a small amount first. - Verify endpoints & ownership: The SKILL.md uses tradingflow.fun and api.tradingflow.fun but the package source & homepage are listed as unknown/none. Confirm the service identity and ownership outside the skill (official website, GitHub org, independent reviews). Do not reuse high-privilege keys from other services. - Watch webhooks: The documentation shows inbound webhook URLs 'No authentication required'. If you use webhooks, require HMAC secrets or limit sources to trusted IPs to avoid unauthenticated triggers. - Validate contradictory instructions: The skill contains contradictory guidance around using GET /auth/me. Ask the maintainer to clarify the correct validation flow and update docs. - Operational hygiene: Avoid placing API keys or private keys in global shell profile files. Use ephemeral environment variables, scoped secrets storage, and rotate keys after testing. Monitor process logs and secret accesses, and revoke roles immediately if behavior is unexpected. If you cannot verify the publisher or fix the metadata inconsistencies, treat this skill as untrusted and do not provide real funds or private keys to it.

Like a lobster shell, security has layers — review code before you run it.

latestvk972xg5m74zbpaam8f4dr39ye583crkr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments