Trading DevBox POC

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill

Name: devbox-poc

Version: 0.1.0

The skill bundle describes a 'Trading DevBox' POC. The `_meta.json` contains standard metadata. The `SKILL.md` defines the skill's purpose, required binaries (`node`), and registers three tools (`trading_backtest`, `trading_deploy`, `trading_status`). It also includes benign prompt injection instructions for the AI agent regarding response formatting ('Always respond in user's language. Keep messages concise.'). There is no evidence of malicious intent, data exfiltration, unauthorized command execution, or other high-risk behaviors within the provided files. The actual implementation of the `trading_` tools is not included, so their security cannot be assessed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could treat a brief phrase as authorization to place real-money trades, creating financial-loss risk.

Why it was flagged

The skill describes a tool and workflow for live financial trading from natural-language input, but does not specify confirmations, caps, testnet-only mode, reversibility, or other safeguards.

Skill content

`trading_deploy` — Deploy a backtested strategy to live trading ... Deploy: `上线,100 USDC`

Recommendation

Require explicit user confirmation for every live deployment, disclose whether this is mock/testnet or real trading, set default spending limits, and provide clear stop/rollback controls.

Concern (Medium Confidence)

ASI03: Identity and Privilege Abuse

What this means

Funds or wallet authority may be created or used in ways the user cannot inspect or control from the artifact.

Why it was flagged

The artifact introduces wallet creation and balance access without declaring credentials, storage location, key-handling rules, funding source, or user approval boundaries.

Skill content

Zero user interaction. Wallet auto-generated on first run. ... `/wallet` — Show wallet address and AIUSD balance

Recommendation

Document exactly what wallet is created, where keys are stored, whether funds are real or mock, and require explicit user approval before any wallet-funded action.

What this means

A user may install or invoke it believing it is only a sandbox, then approve or trigger behavior that is presented as live trading.

Why it was flagged

The same artifact frames the skill as a mock-data POC while also advertising live trading deployment, which could mislead users about whether actions affect real money.

Skill content

description: "Trading strategy sandbox — backtest and deploy strategies via natural language. POC demo with mock data." ... `trading_deploy` — Deploy a backtested strategy to live trading

Recommendation

Make the mode unambiguous: label all actions as mock/testnet or live, and block live trading unless the user explicitly enables it.

What this means

Users cannot verify what code would implement wallet and live-trading behavior before trusting the plugin.

Why it was flagged

The reviewed artifact set contains no code files and no install spec, yet the SKILL instructs plugin installation and claims executable trading tools, leaving the implementation and provenance unavailable for review.

Skill content

Install the OpenClaw plugin: `openclaw plugins install devbox-poc` ... This plugin registers 3 tools

Recommendation

Publish the implementation, install specification, dependency provenance, and reviewed tool definitions before enabling any trading or wallet functionality.