Moltrade 1.0.9

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:15 AM.

Analysis

This is a coherent trading-bot skill, but it reaches live financial trading, copy-trading, credentials, external relay broadcasts, and public posting, so it needs careful review before installation.

Guidance: Install only if you are comfortable operating a local automated trading bot. Review the external repository and dependencies first, use testnet/test mode, create least-privilege API keys with withdrawals disabled, avoid sharing full secrets with the agent, set strict risk limits, and require explicit approval before any live trading, copy-trading, or public posting.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
binance/spot/SKILL.md
`/api/v3/order` (POST) | New order ... Authentication Yes; `/api/v3/openOrders` (DELETE) | Cancel All Open Orders on a Symbol ... Yes; `/api/v3/account` (GET) | Account information ... Yes

The included Binance Spot skill documents authenticated endpoints that can place orders, cancel all open orders, and read account information. These operations are aligned with a trading bot, but they are high-impact and broad.

User impact: If used with a trading-enabled Binance key, the agent or bot could place or cancel real trades and read account details, which can directly affect the user's funds.
Recommendation: Use testnet first, require explicit human approval for live orders, use trading-only keys with withdrawals disabled, set IP allowlists where possible, and configure strict position and loss limits.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`git clone https://github.com/hetu-project/moltrade.git`; `cd moltrade/trader && pip install -r requirements.txt`; ... `For CI/agents, keep using the repo checkout; there is no separate pip package/CLI yet.`

The skill package is instruction-only and tells users to run code and install dependencies from an external repository that is not included in the reviewed artifacts.

User impact: A user may end up running unreviewed external code with trading credentials and live-market authority.
Recommendation: Review the external repository and dependency list before use, pin to a known commit, run in an isolated environment, and do not provide live credentials until the code and dependencies are trusted.

Cascading Failures
Severity: High | Confidence: High | Status: Concern
SKILL.md
Follower (mirrors leader, no strategy trading): `python trader/main.py --config trader/config.json --strategy momentum --symbol HYPE --copytrade follower`

The copy-trading mode is explicitly designed to mirror another source's trades, which can propagate a bad or compromised signal into real orders.

User impact: A single bad leader, signal, configuration error, or market event could cause repeated or copied trades and financial losses.
Recommendation: Use test mode first, allowlist trusted leaders, cap trade size and total exposure, configure stop-loss/kill-switch controls, and require manual approval before enabling live copy-trading.

Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
**YOUR 24/7 AI TRADER ! EARNING MONEY WHILE YOU'RE SLEEPING.**

The promotional wording may encourage overconfidence in an automated financial system, although the same artifact also warns that live mode places real orders.

User impact: Users could underestimate trading risk or treat the bot as a profit guarantee.
Recommendation: Treat the bot as experimental automation, not financial advice or guaranteed income; start with small test allocations and review every live-trading setting.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Run Bot (live) ... remove `--test` to hit mainnet. ... live mode will place real orders.

The skill supports a long-running autonomous live trading process. This is disclosed and purpose-aligned, but it can continue acting after initial launch unless bounded by user controls.

User impact: Once started in live mode, the bot may keep placing real orders until it is stopped or its configuration prevents further trades.
Recommendation: Run under supervision, set explicit runtime and loss limits, monitor logs, keep a clear stop procedure, and avoid unattended live operation until the strategy is proven.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Set `trading.exchange` to `"binance"` in your config and provide API credentials. ... Check `nostr` block: `nsec`, `relayer_nostr_pubkey`, `relays`, `sid`.

The skill requires sensitive exchange credentials and a Nostr private key value for core functionality, while the registry metadata declares no primary credential or required environment variables.

User impact: Trading API keys and Nostr private keys can authorize account activity or control signal identity; mishandling them could lead to unauthorized trades, impersonation, or account exposure.
Recommendation: Provide secrets only through secure local mechanisms, avoid pasting full keys into chat, use separate limited-permission keys, disable withdrawals, rotate keys if exposed, and update the registry credential declarations.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Broadcast Signals to Nostr ... Check `nostr` block: `nsec`, `relayer_nostr_pubkey`, `relays`, `sid`. ... verify `send_trade_signal` / `send_execution_report` run without errors.

The bot is designed to send trade signals and execution reports through Nostr relays. The artifacts describe encryption, so this is purpose-aligned, but it is still an external communication path.

User impact: Trade activity, strategy signals, or execution metadata may be shared with relays or subscribers if configured incorrectly.
Recommendation: Review the relay list and recipient keys, avoid broadcasting secrets, use a dedicated Nostr key, and test with non-sensitive data first.