Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Barra
v0.1.4在币安交易所通过市价单或限价单买入BTC现货,自动处理交易参数和账户验证并反馈成交详情。
⭐ 0· 258·1 current·1 all-time
byvioletsakura@violetsakura-7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a Binance BTC spot buy helper and the required actions (parse user intent, check balance, call Binance spot API, return trade details) are coherent with that purpose. However, the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly instructs users to set BINANCE_API_KEY and BINANCE_SECRET_KEY — this mismatch is unexpected and should be resolved.
Instruction Scope
Instructions stay within the trading use-case (parsing order params, validating account, submitting orders, returning results) and advise security best-practices (disable withdrawals, use IP whitelist). They do instruct the agent to read API keys from environment variables and to perform account reads/trades, which is required for the stated function. The SKILL.md contains Unicode control characters (prompt-injection signal) that could alter how an LLM interprets instructions; this is out-of-band and should be inspected manually.
Install Mechanism
Instruction-only skill with no install spec or code files — minimal persistence and no packages are pulled at install time, which reduces risk.
Credentials
The only necessary secrets for the described functionality are a Binance API key and secret with read+spot-trade permissions and IP restriction — proportionate. But the skill metadata/registry failing to declare these required env vars is a concerning discrepancy: users might not realize they must supply keys, or the skill author omitted this on purpose. Also the SKILL.md suggests exporting keys into environment variables in plaintext; users should be advised to use a restricted API key (no withdraw, limited scope/IP) and not reuse high-privilege credentials.
Persistence & Privilege
The skill does not request always:true or other elevated, platform-wide privileges. It's user-invocable and does not declare persistent modifications to other skills or global settings.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains invisible Unicode control characters which can be used for prompt-injection or to hide instructions. This is not expected for a simple trading README and warrants manual inspection and removal before trusting the skill.
What to consider before installing
This skill is plausibly what it says (a Binance BTC spot-buy helper) but has a few red flags you should address before using it with real funds:
- Metadata mismatch: The registry lists no required env vars, yet SKILL.md requires BINANCE_API_KEY and BINANCE_SECRET_KEY. Treat the SKILL.md as authoritative but confirm with the publisher if possible.
- Use a restricted Binance API key: Create a key that has only 'Enable Spot & Margin' (spot trading) and account read permissions, explicitly disable withdrawals and other permissions. Restrict the key by IP to the runtime server's IP.
- Do not paste your main account keys into chat or to unknown runtimes. Store keys only in the runtime's secure environment mechanism and rotate them frequently.
- Because the README includes invisible Unicode control characters (prompt-injection signal), open the SKILL.md in a text editor that can show/control characters and remove any suspicious hidden characters before use.
- Test on a sandbox or with a small amount of funds / a dedicated test account first. Monitor order execution closely and consider running the skill with an API key that has a small balance.
- If you cannot verify the skill author or the metadata mismatch, be cautious and consider not installing. If possible, ask the publisher to update registry metadata to declare the required env vars and remove the control characters.Like a lobster shell, security has layers — review code before you run it.
latestvk970k7zscam0t7er44bz4qcvad83q58a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.