Is dymx101/clap-trader safe?

https://github.com/openclaw/skills/tree/main/skills/dymx101/clap-trader

86
SAFE

This crypto trading skill appears legitimate and contains no obvious malicious code or prompt injection attempts. However, it executes real financial transactions on Binance, creating significant risk of financial loss if the AI makes poor trading decisions.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (4)

HIGH Real Financial Trading Operations -40

This skill executes actual trades on Binance using real money. Poor trading decisions by the AI agent could result in significant financial losses.

MEDIUM External Data Dependencies -20

The skill fetches data from external news sources and cryptocurrency exchanges, which could potentially be manipulated by attackers.

MEDIUM API Credential Requirements -25

The skill requires Binance API keys to be set as environment variables, creating potential exposure risk if not properly secured.

LOW Complex Trading Instructions -5

The skill contains detailed trading instructions that could potentially mask malicious directives, though none were detected.