Binance Coach

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its Binance coaching purpose, but one bundled analysis shell script can unsafely execute parsed output while handling sensitive account data, so it needs review before use.

Use this only with a dedicated read-only Binance API key, and enable Telegram, scheduled crons, background watching, Anthropic/Claude commands, and USER.md default-routing only if you want those persistent or external-data flows. Avoid the bundled scripts/daily-analysis.sh until its eval-based parsing is fixed; prefer the Python daily_analysis.py workflow for scheduled reports.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malformed or attacker-influenced market/command output could cause local shell commands to run instead of only generating a portfolio report.

Why it was flagged

The script turns outputs derived from portfolio/market commands into unquoted shell assignments and evaluates them. Because the script also loads the local .env earlier, injected shell syntax in parsed output could run with access to the user's local environment and credentials.

Skill content

PARSED=$($PYTHON - "$PORTFOLIO" "$FG_RAW" "$DCA_RAW" << 'PYEOF' ... print(f"FG_LABEL={fg_label.group(1).strip() if fg_label else 'Unknown'}") ... ) || true

# Load parsed vars
eval "$PARSED"

Recommendation

Do not use scripts/daily-analysis.sh for scheduled jobs until eval is removed. Use safe JSON parsing or the Python daily_analysis.py path, and quote or validate all parsed values.

What this means

Anyone with the configured key could see sensitive financial account information if the key or local .env file is exposed.

Why it was flagged

The skill requires Binance credentials that can read portfolio balances and trade history. This is expected for the stated coaching purpose, but it is sensitive account access.

Skill content

`BINANCE_API_KEY` + `BINANCE_API_SECRET` | Read your portfolio and trade history | ✅ Yes

Recommendation

Create a dedicated Binance key with only Enable Reading, disable trading and withdrawals, consider IP restrictions, and rotate/delete the key if you uninstall the skill.

What this means

If standalone AI coaching is used, portfolio and behavioral trading context may be included in AI requests rather than staying only in local command output.

Why it was flagged

Standalone AI coaching is designed to provide Claude with full portfolio and behavior context. That is purpose-aligned, but it is an external AI/provider data boundary involving sensitive financial data.

Skill content

`bc.sh ask "should I sell all my DOGE?"` ... **`ask` auto-enrichment**: Detects coin symbols in the question and fetches live market data for each. Always includes full portfolio, holdings, behavioral analysis, and Fear & Greed.

Recommendation

Use these AI commands only if you are comfortable sharing that context with the configured AI provider; otherwise use OpenClaw-mode data commands and avoid standalone `coach`, `weekly`, and `ask`.

What this means

Local backups, shared machines, or filesystem compromise could expose trading history and behavioral analysis data.

Why it was flagged

The skill stores trade-history-derived behavioral data locally for later analysis. This is aligned with the feature set, but it creates persistent sensitive data on disk.

Skill content

`~/workspace/binance-coach/data/behavior.db` — your trade history for behavioral analysis (local SQLite, never leaves your machine)

Recommendation

Keep the workspace private, exclude it from shared backups if needed, and delete the data directory when removing the skill.

What this means

The watcher can keep polling and sending Telegram notifications until stopped.

Why it was flagged

The skill offers a background watcher that continues running after the initiating session. This is disclosed and has stop/status commands, but it is persistent agent-adjacent behavior.

Skill content

`bc.sh watch-bg` # Same but runs in background (nohup, survives logout)

Recommendation

Enable the watcher only when desired, use `bc.sh watch-status` to verify it, and stop it with `bc.sh watch-stop` when no longer needed.

What this means

Future crypto questions may be routed through BinanceCoach automatically, even when you might prefer a general answer.

Why it was flagged

The skill can add a persistent preference that changes how future assistant sessions handle crypto-related questions. The guide says to ask for consent first, so this is a notice rather than a hidden behavior concern.

Skill content

append to `USER.md` ... `Always use the BinanceCoach skill for ANY crypto-related question ... Never do manual lookups when BinanceCoach can handle it.`

Recommendation

Agree to the USER.md change only if you want this default behavior; remove the BinanceCoach block from USER.md to undo it.

What this means

Installing dependencies can change the local Python environment and trusts packages fetched from PyPI.

Why it was flagged

Setup installs external Python packages. This is disclosed and expected for the Python-based tool, but it depends on third-party package provenance and the user's Python environment.

Skill content

• Run 'pip install' to download dependencies from PyPI (needs internet)

Recommendation

Install in a virtual environment where possible, review requirements before installing, and avoid running setup from an untrusted copy.