Openclaw Bot Prob Trade
WarnAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate trading bot, but it can make ongoing real-money trades and some documentation overstates strategy safety.
Install only if you intentionally want an automated trading bot. Start with dry_run enabled, verify the probtrade dependency and API key scope, keep risk limits low, and do not enable persistent live deployment until you are comfortable with the strategy and can monitor or stop it quickly.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured for live trading, the agent can spend real funds and create positions repeatedly on the user's behalf.
The documented default action can become repeated live financial order placement when dry_run is disabled, with no per-order approval gate shown in the artifacts.
Start the autonomous trading loop. Scans markets and places orders every cycle.
Keep dry_run enabled until tested, require an explicit human confirmation before live mode, set very small limits, and monitor every live run.
Anyone or anything that can run the bot with these credentials may be able to view balances/positions and place trades.
The bot depends on prob.trade API credentials capable of account access and trading through the probtrade skill.
Configure `~/.openclaw/skills/probtrade/config.yaml`: ```yaml api_key: "ptk_live_..." api_secret: "pts_..." ```
Use a dedicated, least-privilege API key if available, store secrets securely, and revoke the key when no longer needed.
Users may underestimate execution, liquidity, model, market-resolution, or implementation risks and enable live trading too quickly.
The documentation makes strong safety/profitability claims for a financial strategy, which can encourage unsafe trust in autonomous trading.
**When to use:** Always. This is a low-risk strategy that works in any market condition.
Treat all strategy claims as unverified, paper-trade first, and avoid relying on claims like 'guaranteed' or 'always' when real funds are involved.
If live trading is enabled, the bot can continue operating after the initial command or terminal session ends.
The deployment guide supports running the bot persistently in the background.
sudo systemctl enable openclaw-bot ... docker run -d ... --restart unless-stopped
Only enable persistent deployment after validating dry-run behavior, and make sure you know how to stop the systemd service or Docker container.
A wrong or tampered probtrade path could cause the bot to run unintended API-client code.
The bot imports its trading API client from an external local skill path, which is expected here but expands the trust boundary to the probtrade skill and path configuration.
_skill_path = os.environ.get("PROBTRADE_SKILL_PATH", ...)
if _skill_path not in sys.path:
sys.path.insert(0, _skill_path)
from api_client import fetch, trading_requestInstall probtrade from a trusted source, keep PROBTRADE_SKILL_PATH pointed only at that verified installation, and avoid writable/shared directories for the dependency.