ClawHub

Arbiscan

v0.2.0

Comprehensive crypto market scanner across Binance, OKX, Bybit, and Bitget. 12 scan types covering arbitrage (funding rate, basis, spot spread, futures sprea...

0· 215·0 current·0 all-time
by@zadanthony
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim a cross-exchange scanner. The code files implement exactly that: fetching public endpoints from Binance, Bybit, OKX, and Bitget and computing arbitrage/monitoring signals. There are no unexpected credentials, platform APIs, or unrelated subsystems requested.
Instruction Scope
SKILL.md and the scripts instruct only public HTTP queries to exchange APIs and local formatting of results. Instructions do not request reading local secrets, system config, or sending data to third-party endpoints other than documented exchange APIs. The skill explicitly states 'read-only — no trading, no API keys needed', which matches the code.
Install Mechanism
No install spec is provided (instruction-only), which is low risk. The repository includes a scripts/requirements.txt (requests, tabulate) but these dependencies are not declared in the skill metadata. This is an operational mismatch (agent may need to install packages to run Python scripts). All installs would be standard public Python packages — no downloads from untrusted URLs or archives are present.
Credentials
The skill declares no required environment variables or credentials and the code does not access any hidden env vars. All network calls are to documented public exchange API endpoints; no secret exfiltration or unrelated credential requests were found.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or agent-wide configuration. It runs as-needed and requires only normal network access to public APIs. Autonomous invocation is allowed by default (platform behavior) but is not combined with broad privileges here.
Assessment
This skill appears coherent and implements a read-only cross-exchange scanner using public APIs. Before installing: (1) confirm your agent environment allows outbound HTTPS to exchange APIs (this skill makes many requests); (2) ensure Python dependencies (requests, tabulate) are available or installable if you plan to run the included scripts; (3) be aware scanning many symbols may hit exchange rate limits or cause high network usage/potential IP blocking; (4) verify you really want the agent to run these network-heavy scans autonomously — although the skill itself doesn't exfiltrate local data or require API keys, an agent with network access can still leak data if misused. If you need higher assurance, run the scripts locally in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk976jpzz2846vwasagzew4zs2582x5w7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments