Skillv1.0.0

ClawScan security

Binance Futures Alpha Radar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 2:30 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly does what it says (fetches public Binance futures data and computes indicators) but its runtime instructions ask the agent to read repository files outside the skill bundle (including a 'system-prompt' file), which is unnecessary for operation and could lead to unintended exposure of internal prompts or repo data.
Guidance: This skill's code appears coherent with its purpose: the Python script fetches public Binance futures data and computes trading indicators, and no credentials are required. However, the SKILL.md explicitly instructs the agent to read files outside the packaged skill (e.g., ../../../src/main/resources/system-prompt.txt), which is unnecessary for public-data analysis and could cause the agent to access sensitive repository content (including internal system prompts). Before installing or enabling this skill, consider: - Confirm whether those external files exist in the environment where the agent will run. If they do not, the instructions may fail; if they do, the skill may read internal files you don't want exposed. - Ask the publisher to bundle any necessary rule files into the skill or remove references to external repo paths. The included references/ files largely mirror the external sources — bundling them would remove the need to read outside files. - Review scripts/binance_futures_snapshot.py locally: it only calls Binance public API (https://fapi.binance.com) and computes indicators; no hidden endpoints or credential exfiltration were found. - Run the skill in a sandboxed environment first, or inspect the referenced external files (system-prompt.txt, core-feature-spec.md) to ensure they contain no sensitive data. If the external file reads are removed or the referenced files are confirmed benign and intentionally included in your runtime environment, this assessment would likely change to benign. Currently treat it as suspicious because of the out-of-bundle file access requirement.

Review Dimensions

Purpose & Capability: concernName/description align with the code: the included script fetches public Binance USD-M perpetual endpoints and computes indicators. However, SKILL.md requires reading external repo files (../../../src/main/resources/system-prompt.txt and ../../../docs/core-feature-spec.md) that are not part of the skill bundle. Those external reads are not required to fetch public market data and are disproportionate to the stated purpose.
Instruction Scope: concernRuntime instructions tell the agent to read several files outside the skill (canonical system-prompt and core docs) and to apply those rules exactly. This grants the skill discretion to access arbitrary repository content on the host environment. The script itself only calls Binance public APIs (BASE_URL = https://fapi.binance.com) and does not exfiltrate data, but the instruction to open ../../../src/... files is scope creep and a potential data-leak vector.
Install Mechanism: okNo install spec; instruction-only plus a local Python script. This is low-risk from an install standpoint since nothing is downloaded or written at install.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The included Python script uses only public Binance endpoints and standard libraries. No secrets are requested or required.
Persistence & Privilege: okalways is false and the skill does not request persistent/system-wide privileges. Autonomous invocation is allowed by default (normal). The skill does not modify other skills or system-wide config.