Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aster Futures

v0.1.1

Aster Futures requests using the Aster API. Authentication uses EIP-712 ECDSA signing with an API wallet. Supports mainnet.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious (view report)
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The skill's stated purpose (placing and querying futures orders via Aster's API) legitimately requires EIP-712 signing and access to an API wallet private key. However, the registry metadata declares no required environment variables or primary credential even though the included authentication reference and examples explicitly use SIGNER_PRIVATE_KEY and wallet addresses. That mismatch (needing a private key but not declaring how it will be supplied) is incoherent and disproportionate.
Instruction Scope
SKILL.md and references/authentication.md instruct the agent to call fapi.asterdex.com endpoints, use curl/jq for data extraction, and perform EIP-712 signing. The authentication doc includes a Python example that embeds SIGNER_PRIVATE_KEY and demonstrates signing and posting orders (including placing/cancelling orders and 'cancel all' operations). The instructions do not specify how the agent should obtain/store the private key (env var, secure vault, user prompt), nor do they constrain when trade-affecting endpoints can be used. That lack of specification expands the agent's discretion and could lead to accidental or unauthorized use of high-privilege operations.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to write to disk, which minimizes install-surface risk.
Credentials
The skill requires signing with an API wallet private key to perform trading (highly sensitive). Yet the package metadata lists no required env vars, no primary credential, and no required config paths. There is no guidance in metadata about required secret scope or least-privilege credentials. The endpoints documented include destructive actions (placing orders, cancel all open orders), so requesting full private-key signing capability is high privilege and should have been explicitly declared and scoped.
Persistence & Privilege
The skill is not marked always:true; it is user-invocable and allows model invocation (default). That means if the agent is given credentials it could act autonomously and place/cancel trades. Autonomous invocation alone is normal for skills, but combined with the missing credential declaration and high-privilege trading endpoints this increases the blast radius — the skill should document explicit runtime approval flows and credential handling.
What to consider before installing
This skill is 'suspicious' because it needs your API wallet private key to sign trade requests but does not declare how it will get or store that secret. Before installing or using it:
1) Do not paste your main wallet private key into chat or into the agent; prefer a dedicated API key/wallet with minimal permissions.
2) Ask the author how credentials are provided (env vars, vault, or interactive prompt) and request explicit metadata declaring required env vars.
3) If you must test, use a testnet or a dedicated account with zero funds and IP/permission restrictions.
4) Disable autonomous invocation (or require manual approval) so the agent cannot place or cancel orders without your explicit confirmation.
5) Prefer a signing workflow that uses remote/hardware signing or a short-lived delegated credential rather than exposing raw private keys.



