Is binance-pro safe?
https://clawhub.ai/totaleasy/binance-pro
This skill is a high-risk bait-and-switch package. Named 'binance-pro' to attract users seeking cryptocurrency trading functionality, it contains no functional content: only an empty SKILL.md and a lock.json that references an unrelated skill ('academic-research-hub'). During install, sensitive files including .env and auth-profiles.json were read even though the skill ships no code that could need them. The install itself failed with a rate-limit error, so its full behavior remains unverified.
Findings (6)
CRITICAL Cryptocurrency bait-and-switch: empty skill with financial lure name -60
The skill is named 'binance-pro', implying cryptocurrency trading functionality, but contains no functional content: no SKILL.md instructions, no code, no API integrations. Apart from the empty SKILL.md, the only file is a lock.json referencing an unrelated skill ('academic-research-hub'). This is a classic pattern for name-squatting or staged malicious deployment, where the attractive name draws installs first and malicious content is pushed in a later update.
HIGH Sensitive credential files accessed during install of empty skill -40
The install process read /home/oc-exec/.env, /home/oc-exec/.openclaw/openclaw.json, and /home/oc-exec/.openclaw/agents/main/agent/auth-profiles.json. The skill ships no code, so nothing in the package can account for these reads, and a package with no content has no legitimate reason to have authentication profiles or environment variables opened on its behalf. Because the install did not complete, the trace also cannot separate reads issued on the skill's behalf from the installer's own startup; comparing against a trace of a known-benign skill installed the same way is the check that would settle that attribution.
HIGH Install failed with rate limit: incomplete audit data -35
The skill install failed with 'Rate limit exceeded', so the full install behavior could not be observed. The findings above rest on a partial trace, and the skill's complete install-time behavior remains unknown.
MEDIUM Empty SKILL.md creates update injection risk -35
With no current SKILL.md content, the skill author can push any prompt injection payload in a future update. Users who install this skill are trusting a completely opaque package that could silently gain prompt-level control of their agent.
MEDIUM Dependency mismatch: lock.json references unrelated skill -20
The lock.json file lists 'academic-research-hub' as an installed skill, which has no relation to 'binance-pro'. This mismatch could indicate dependency confusion, skill renaming to evade detection, or a corrupted/manipulated package.
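The empty-SKILL.md and lock.json-mismatch findings above are both checkable before anything is installed. The script below is an added example, not clawhub's or OpenClaw's own tooling: it assumes a skill package is a directory holding SKILL.md and lock.json, and that lock.json carries a top-level "skills" object keyed by skill name (neither layout is documented on this page). The sample package it builds is constructed to mirror the report: an empty SKILL.md beside a lock.json naming an unrelated skill.

```python
"""Pre-install sanity checks on a skill package directory (added example, assumed layout)."""
import json
import os
import tempfile

# Constructed lock.json content for the sample; the "skills" schema is an assumption.
SAMPLE_LOCK = {"skills": {"academic-research-hub": {"version": "1.0.0"}}}


def make_sample_package(root, name="binance-pro"):
    """Build the constructed sample package under `root` and return its path."""
    pkg = os.path.join(root, name)
    os.makedirs(pkg, exist_ok=True)
    open(os.path.join(pkg, "SKILL.md"), "w").close()  # empty, as in the report
    with open(os.path.join(pkg, "lock.json"), "w") as f:
        json.dump(SAMPLE_LOCK, f)
    return pkg


def audit_package(pkg_dir, expected_name):
    """Return a list of (code, message) findings; an empty list means the checks passed."""
    findings = []

    skill_md = os.path.join(pkg_dir, "SKILL.md")
    if not os.path.isfile(skill_md):
        findings.append(("missing_skill_md", "SKILL.md is absent"))
    else:
        with open(skill_md, encoding="utf-8") as f:
            if not f.read().strip():  # whitespace-only counts as empty
                findings.append(("empty_skill_md",
                                 "SKILL.md is empty: no instructions now, any could be added later"))

    lock = os.path.join(pkg_dir, "lock.json")
    if os.path.isfile(lock):
        with open(lock, encoding="utf-8") as f:
            try:
                data = json.load(f)
            except json.JSONDecodeError:
                findings.append(("bad_lock", "lock.json is not valid JSON"))
                data = {}
        names = set((data.get("skills") or {}).keys()) if isinstance(data, dict) else set()
        if expected_name not in names:
            findings.append(("lock_missing_self",
                             f"lock.json does not reference {expected_name!r}"))
        for other in sorted(names - {expected_name}):
            findings.append(("lock_unrelated",
                             f"lock.json references unrelated skill {other!r}"))

    extra = [fn for fn in os.listdir(pkg_dir) if fn not in ("SKILL.md", "lock.json")]
    if not extra:
        findings.append(("no_content",
                         "no files beyond SKILL.md and lock.json: nothing functional to review"))
    return findings


def run_demo():
    """Create the constructed sample in a temp dir, audit it, and return the finding codes."""
    with tempfile.TemporaryDirectory() as root:
        pkg = make_sample_package(root)
        return [code for code, _ in audit_package(pkg, "binance-pro")]


if __name__ == "__main__":
    for code in run_demo():
        print(code)
```

Point `audit_package` at a real package directory and the expected skill name; any finding other than an empty list is a reason to stop before the installer runs.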
LOW Extensive system file enumeration during install -10
The install process read numerous system configuration files, including /etc/passwd, /etc/group, /etc/machine-id, /etc/modprobe.d/*, and /etc/systemd/network/. Some of this is ordinary runtime behavior rather than anything the skill did: libc resolves user and group names from /etc/passwd and /etc/group, and systemd-linked libraries read /etc/machine-id. Reads under /etc/modprobe.d and /etc/systemd/network have no such explanation, and the overall scope is disproportionate for an empty skill.
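The credential-read and system-enumeration findings both come down to the same triage step: take the install-time file opens, subtract what the process runtime does on its own, and look at what is left. The script below is an added example, not the audit service's own tooling. It assumes the install was traced with `strace -f -e trace=openat,open -o install.trace <install command>`, and the SAMPLE_TRACE it parses is constructed to list the paths named in this report, not a capture from the real install.

```python
"""Triage install-time file opens from an strace log (added example, constructed sample)."""
import re

# Matches strace -f lines such as: 12345 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
OPENAT_RE = re.compile(
    r'^(?:\d+\s+)?(?:openat|open)\((?:AT_FDCWD,\s*)?"(?P<path>[^"]+)",\s*'
    r'(?P<flags>[A-Z_|]+)[^)]*\)\s*=\s*(?P<ret>-?\d+)'
)

# Credentials and agent configuration: an install step has no business reading these.
SENSITIVE = [r'(^|/)\.env(\.|$)', r'auth-profiles\.json$', r'/\.openclaw/openclaw\.json$',
             r'/\.ssh/', r'/\.aws/credentials$', r'(^|/)\.netrc$']

# Reads the runtime makes by itself: dynamic linker, libc NSS user lookups, systemd-linked libs.
RUNTIME_NOISE = [r'^/etc/ld\.so\.', r'^/(usr/)?lib', r'^/etc/passwd$', r'^/etc/group$',
                 r'^/etc/nsswitch\.conf$', r'^/etc/machine-id$', r'^/etc/localtime$',
                 r'^/proc/self/']

# Constructed sample trace mirroring the paths the report names (not the real capture).
SAMPLE_TRACE = """\
12345 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
12345 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
12345 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
12345 openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 4
12345 openat(AT_FDCWD, "/etc/machine-id", O_RDONLY|O_CLOEXEC) = 4
12345 openat(AT_FDCWD, "/home/oc-exec/.env", O_RDONLY|O_CLOEXEC) = 5
12345 openat(AT_FDCWD, "/home/oc-exec/.openclaw/openclaw.json", O_RDONLY|O_CLOEXEC) = 5
12345 openat(AT_FDCWD, "/home/oc-exec/.openclaw/agents/main/agent/auth-profiles.json", O_RDONLY|O_CLOEXEC) = 6
12345 openat(AT_FDCWD, "/etc/modprobe.d/blacklist.conf", O_RDONLY) = 6
12345 openat(AT_FDCWD, "/etc/systemd/network", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 7
"""


def classify(path):
    """Bucket a path; sensitive wins over runtime noise so a credential read is never excused."""
    if any(re.search(p, path) for p in SENSITIVE):
        return "sensitive"
    if any(re.search(p, path) for p in RUNTIME_NOISE):
        return "runtime"
    if path.startswith(("/etc/", "/sys/", "/proc/")):
        return "enumeration"  # system configuration reads with no runtime excuse
    return "other"


def triage_trace(text):
    """Return {category: [path, ...]} in first-seen order without duplicates.
    Failed opens (ret < 0) are kept: the attempt is what matters for attribution."""
    buckets = {"sensitive": [], "runtime": [], "enumeration": [], "other": []}
    for line in text.splitlines():
        m = OPENAT_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        cat = classify(path)
        if path not in buckets[cat]:
            buckets[cat].append(path)
    return buckets


def verdict(buckets, skill_has_code=False):
    """Apply the report's reasoning: credential reads during install of a skill with no code
    cannot be explained; system-config enumeration beyond runtime noise is suspicious."""
    issues = []
    if buckets["sensitive"]:
        sev = "HIGH" if not skill_has_code else "MEDIUM"
        issues.append((sev, f"{len(buckets['sensitive'])} credential/config file(s) read during install"))
    if buckets["enumeration"]:
        issues.append(("LOW", f"{len(buckets['enumeration'])} system config path(s) enumerated beyond runtime noise"))
    return issues


if __name__ == "__main__":
    b = triage_trace(SAMPLE_TRACE)
    for cat, paths in b.items():
        print(cat, paths)
    print(verdict(b))
```

Running the same triage over a trace of a known-benign skill installed by the same OpenClaw version gives the baseline: anything in the "sensitive" or "enumeration" buckets that is absent from that baseline is attributable to the skill rather than to the installer.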