Multi-Exchange Hedge Core
WarnAudited by ClawScan on May 18, 2026.
Overview
This skill advertises autonomous crypto trading and capital reallocation on OKX/Binance without declaring credentials, limits, or approval safeguards.
Review carefully before installing or running. Do not connect live OKX or Binance credentials unless the skill provides clear credential scopes, disables withdrawals, starts in dry-run mode, sets strict trading limits, and asks for confirmation before any order or capital reallocation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with exchange access, the agent could open, close, or rebalance crypto positions and potentially cause financial losses without enough user control.
The skill is not limited to analysis; it describes autonomous trading and capital reallocation on real financial exchanges, but provides no explicit approval gates, maximum trade sizes, asset scope, dry-run mode, or stop conditions.
"Simultaneously manages positions on OKX and Binance" and "Autonomous Balancing: Re-allocates capital based on real-time APR fluctuations."
Only use after the skill defines explicit confirmation steps, maximum position sizes, allowed exchanges/assets, dry-run defaults, emergency stop behavior, and clear user approval before any trade.
Users may not know what account permissions the skill needs, whether withdrawal access should be disabled, or how to limit the agent’s trading authority.
The metadata declares no credential or configuration contract even though the SKILL.md says it manages positions on OKX and Binance, which would normally require exchange account/API privileges.
Required env vars: none; Env var declarations: none; Primary credential: none; Required config paths: none
Require an explicit credential contract, use exchange API keys with the minimum necessary permissions, disable withdrawals, document required scopes, and require user confirmation before using live credentials.
A user may over-trust the skill and allow autonomous trading without understanding that funding arbitrage can still lose money.
The wording presents a risky trading strategy as unusually certain or profit-generating while omitting market, liquidation, execution, counterparty, and funding-rate risks.
"funding rates are a certainty" and "generate profit without predicting the future."
Treat the profit language as marketing, not a safety guarantee. The skill should include clear financial risk disclosures and require explicit user approval for live trading.