Suspicious — Risk Score 45/100
Last scan: 1 day ago
Bitget Trader
Professional Bitget integration for automated grid trading and portfolio management
Legitimate cryptocurrency trading automation for Bitget exchange with critically sensitive API credentials embedded in plaintext config files, representing significant credential theft risk if compromised.
Skill Name: Bitget Trader
Duration: 82.7s
Engine: pi
Use with caution
Immediately rotate all exposed API credentials. Never store plaintext secrets in configuration files; use environment variables or a secrets manager instead. Enable IP whitelisting on the exchange.

Attack Chain (3 steps)

1. Escalation: Attacker gains read access to workspace directory (config.json:1)
2. Impact: Extracts plaintext API credentials from config.json or multi_agent_config.json (config.json:2)
3. Impact: Uses harvested credentials to execute unauthorized trades on Bitget exchange (api.bitget.com)

Findings (4 items)

Severity: Critical | Finding: Exposed API Credentials in Plaintext (Credential Theft) | Location: config.json:1
Real Bitget exchange API credentials (apiKey, secretKey, passphrase) are embedded in plaintext in config.json and multi_agent_config.json. These credentials enable spot trading and could be harvested for unauthorized trading or fund theft.
Evidence: {"apiKey": "bg_73063f99df20ccf3320032e80d0bd1f3", "secretKey": "ecdc70207a6395da7772210d1c6c8bf1a88f47af83b24dec2aa066d91f495387", "passphrase": "Lin12345"}
→ Use environment variables (BITGET_API_KEY, BITGET_SECRET_KEY) instead of storing credentials in files. Add config.json to .gitignore immediately.

Severity: Medium | Finding: Network Capability Mismatch (Doc Mismatch) | Location: SKILL.md:1
SKILL.md declares network:READ but the scripts perform POST requests to place/cancel orders, representing WRITE operations on the exchange.
Evidence: Documentation describes 'monitor' and 'check balance' but actual scripts execute trades
→ Update SKILL.md to declare network:WRITE permission and document all trading capabilities

Severity: Medium | Finding: Undeclared Shell Execution (Priv Escalation) | Location: setup-cron.js:28
setup-cron.js and bitget-cli.js use execSync to run openclaw CLI commands and spawn Node.js scripts. This shell:WRITE capability is not declared in SKILL.md.
Evidence: execSync('openclaw cron list', { encoding: 'utf8' })
→ Document shell execution requirements in SKILL.md if intentional, or refactor to use native Node.js APIs

Severity: Low | Finding: HttpsProxyAgent Dependency (Supply Chain) | Location: rebalance.js:8
Some scripts reference the https-proxy-agent package for proxy support, but this external dependency is not declared in any requirements.txt or package.json.
Evidence: HttpsProxyAgent = require('https-proxy-agent').HttpsProxyAgent
→ Create package.json to document all dependencies and versions
Resource      Declared  Inferred  Status       Evidence
Filesystem    READ      READ      ✓ Aligned    All scripts read config.json and grid_settings.json
Network       READ      WRITE     ✗ Violation  Places/cancels orders, not just reads data
Shell         NONE      WRITE     ✗ Violation  setup-cron.js:28, bitget-cli.js:89 use execSync
Skill Invoke  NONE      READ      ✓ Aligned    CLI dispatches to other scripts via execSync
External URLs (10 findings)

Medium  External URL  https://api.bitget.com/api/v2/spot/market/tickers?symbol=SOLUSDT  (GRID_STATUS_2026-03-17_2208.md:117)
Medium  External URL  https://www.bitget.com  (MANUAL_SETUP.md:26)
Medium  External URL  https://api.bitget.com  (MULTI_AGENT_SETUP_GUIDE.md:331)
Medium  External URL  https://www.google.com  (MULTI_AGENT_TEST_REPORT_2026-03-17.md:189)
Medium  External URL  https://www.investopedia.com/  (QUANT_SYSTEM.md:233)
Medium  External URL  https://www.quantconnect.com/  (QUANT_SYSTEM.md:234)
Medium  External URL  http://127.0.0.1:7897  (README.md:242)
Medium  External URL  https://api.bitget.com$  (dynamic-adjust-v2.js:14)
Medium  External URL  https://api.binance.com/api/v3/klines?symbol=$  (dynamic-adjust.js:16)
Medium  External URL  https://api.binance.com/api/v3/ticker/price?symbol=$  (dynamic-adjust.js:45)

File Tree

137 files · 662.8 KB · 22340 lines
JavaScript 74 files · 13942 lines; Markdown 39 files · 7314 lines; JSON 21 files · 1007 lines; Shell 3 files · 77 lines
├─ 📁 snapshots
│ └─ 📋 2026-03-07.json JSON 10L · 190 B
├─ 📜 analyze-coins.js JavaScript 145L · 5.7 KB
├─ 📜 analyze-orders.js JavaScript 200L · 7.8 KB
├─ 📜 analyze-strategy.js JavaScript 214L · 7.2 KB
├─ 📜 apply-dynamic-grid.js JavaScript 101L · 3.8 KB
├─ 📜 apply-highfreq.js JavaScript 55L · 2.2 KB
├─ 📜 apply-scheme-a-final.js JavaScript 309L · 11.0 KB
├─ 📜 apply-scheme-a-v2.js JavaScript 281L · 10.2 KB
├─ 📜 apply-scheme-a.js JavaScript 262L · 9.5 KB
├─ 📜 auto-monitor.js JavaScript 290L · 10.2 KB
├─ 📜 bitget-cli.js JavaScript 168L · 4.8 KB
├─ 📜 buy-bnb-limit.js JavaScript 93L · 3.2 KB
├─ 📜 buy-bnb-market.js JavaScript 98L · 3.4 KB
├─ 📜 buy-eth-market.js JavaScript 82L · 2.8 KB
├─ 📜 cancel-all-btc.js JavaScript 135L · 4.8 KB
├─ 📜 cancel-all-orders.js JavaScript 137L · 4.3 KB
├─ 📜 cancel-all.js JavaScript 130L · 4.7 KB
├─ 📜 check-balance.js JavaScript 117L · 3.6 KB
├─ 📜 check-prices.js JavaScript 122L · 5.0 KB
├─ 📝 COIN_ANALYSIS_REPORT.md Markdown 241L · 5.9 KB
├─ 🔑 config.json JSON 6L · 190 B
├─ 📋 conservative_deployment_report.json JSON 47L · 1.1 KB
├─ 📜 create-highfreq-config.js JavaScript 93L · 3.8 KB
├─ 📋 cron_config.json JSON 33L · 1.4 KB
├─ 📝 daily_report.md Markdown 31L · 490 B
├─ 📜 debug-orders.js JavaScript 117L · 4.3 KB
├─ 📝 DECISION_SUMMARY_2026-03-17_2236.md Markdown 137L · 3.1 KB
├─ 📜 deploy-bnb-grid.js JavaScript 127L · 4.4 KB
├─ 📜 deploy-bnb-new.js JavaScript 101L · 3.7 KB
├─ 📜 deploy-conservative.js JavaScript 293L · 9.3 KB
├─ 📜 deploy-dynamic-grid.js JavaScript 145L · 4.8 KB
├─ 📜 deploy-eth-buys.js JavaScript 92L · 3.1 KB
├─ 📜 deploy-eth-grid.js JavaScript 134L · 4.9 KB
├─ 📜 deploy-highfreq-grids.js JavaScript 325L · 10.6 KB
├─ 📜 deploy-sell-orders.js JavaScript 162L · 5.2 KB
├─ 📜 deploy-simple-grid.js JavaScript 206L · 6.7 KB
├─ 📜 deploy-ultra-grids-v2.js JavaScript 318L · 10.3 KB
├─ 📜 deploy-ultra-grids.js JavaScript 256L · 7.8 KB
├─ 📝 DEPLOYMENT_REPORT_2026-03-17_2138.md Markdown 197L · 4.2 KB
├─ 📋 dynamic_adjustments.json JSON 8L · 143 B
├─ 📝 DYNAMIC_STRATEGY_REPORT.md Markdown 280L · 6.2 KB
├─ 📜 dynamic-adjust-v2.js JavaScript 326L · 12.1 KB
├─ 📜 dynamic-adjust.js JavaScript 310L · 11.3 KB
├─ 📜 dynamic-rebalance.js JavaScript 295L · 9.3 KB
├─ 📝 ETH_GRID_REPORT.md Markdown 128L · 3.2 KB
├─ 📝 FINAL_DEPLOYMENT_2026-03-17_2220.md Markdown 339L · 7.0 KB
├─ 📝 GRID_DEPLOYMENT_SUCCESS_2026-03-17.md Markdown 137L · 3.5 KB
├─ 📝 GRID_OPTIMIZATION_REPORT_2026-03-17.md Markdown 142L · 3.9 KB
├─ 📝 GRID_OPTIMIZATION_REPORT.md Markdown 278L · 6.1 KB
├─ 📝 GRID_RESTARTED_2026-03-17.md Markdown 118L · 2.6 KB
├─ 📝 GRID_RESTORED_2026-03-17.md Markdown 99L · 2.1 KB
├─ 📋 grid_settings_adjusted.json JSON 58L · 1.7 KB
├─ 📋 grid_settings_conservative.json JSON 58L · 1.5 KB
├─ 📋 grid_settings_highfreq.json JSON 62L · 1.8 KB
├─ 📋 grid_settings_minimal.json JSON 58L · 1.4 KB
├─ 📋 grid_settings_optimized.json JSON 30L · 790 B
├─ 📋 grid_settings_standard.json JSON 58L · 1.4 KB
├─ 📋 grid_settings_ultra.json JSON 58L · 1.5 KB
├─ 📋 grid_settings.json JSON 55L · 1.3 KB
├─ 📝 GRID_STATUS_2026-03-17_2208.md Markdown 219L · 4.1 KB
├─ 📝 GRID_STATUS_REPORT.md Markdown 172L · 4.1 KB
├─ 📝 GRID_STOPPED_2026-03-17.md Markdown 84L · 1.9 KB
├─ 📜 grid-optimizer.js JavaScript 267L · 10.3 KB
├─ 📋 highfreq_deployment_report.json JSON 39L · 1.1 KB
├─ 📝 HIGHFREQ_SETUP_COMPLETE.md Markdown 189L · 4.3 KB
├─ 📜 kline-analyzer.js JavaScript 235L · 9.3 KB
├─ 📝 MANUAL_SETUP.md Markdown 159L · 3.0 KB
├─ 📋 monitor_state.json JSON 116L · 2.9 KB
├─ 🔧 monitor-cron.sh Shell 18L · 529 B
├─ 📜 monitor-fixed.js JavaScript 191L · 5.8 KB
├─ 📜 monitor-grid.js JavaScript 195L · 6.0 KB
├─ 🔧 monitor-wrapper.sh Shell 26L · 632 B
├─ 📋 multi_agent_config.json JSON 126L · 3.2 KB
├─ 📜 multi_agent_controller.js JavaScript 452L · 14.8 KB
├─ 📝 MULTI_AGENT_SETUP_GUIDE.md Markdown 369L · 7.5 KB
├─ 📝 MULTI_AGENT_TEST_REPORT_2026-03-17.md Markdown 318L · 7.0 KB
├─ 📝 multi_coin_analysis.md Markdown 118L · 2.9 KB
├─ 📝 NEW_COINS_ANALYSIS.md Markdown 137L · 3.0 KB
├─ 📝 OPTIMIZATION_REPORT.md Markdown 235L · 4.9 KB
├─ 📜 optimize-grids.js JavaScript 247L · 7.9 KB
├─ 📜 optimize-strategy.js JavaScript 178L · 6.7 KB
├─ 📝 QUANT_STRATEGY.md Markdown 252L · 5.4 KB
├─ 📝 QUANT_SYSTEM.md Markdown 243L · 5.0 KB
├─ 📜 quant-trader.js JavaScript 321L · 11.2 KB
├─ 📜 quick-report.js JavaScript 127L · 4.6 KB
├─ 📜 quick-start.js JavaScript 174L · 4.6 KB
├─ 📝 README.md Markdown 301L · 6.3 KB
├─ 📜 rebalance.js JavaScript 179L · 6.8 KB
├─ 📝 REDEPLOY_COMPLETE.md Markdown 157L · 4.0 KB
├─ 📝 REDEPLOY_REPORT_2026-03-17_2158.md Markdown 223L · 4.9 KB
├─ 📜 redeploy-coins.js JavaScript 292L · 9.4 KB
├─ 📜 restart-final.js JavaScript 261L · 8.4 KB
├─ 📜 restart-grids-fixed.js JavaScript 254L · 8.1 KB
├─ 📜 restart-grids.js JavaScript 191L · 6.1 KB
├─ 📝 RUNNING_STATUS.md Markdown 92L · 1.9 KB
├─ 📜 save-optimized-config.js JavaScript 55L · 1.4 KB
├─ 📝 SCHEME_A_MANUAL.md Markdown 180L · 3.9 KB
├─ 📋 scheme_a_result.json JSON 21L · 310 B
├─ 📜 sell-btc-market.js JavaScript 165L · 5.7 KB
├─ 📜 setup-cron-monitor.js JavaScript 90L · 3.4 KB
├─ 📜 setup-cron.js JavaScript 104L · 2.8 KB
├─ 📝 SKILL.md Markdown 277L · 6.9 KB
├─ 📋 smart_grid_state.json JSON 61L · 1.6 KB
├─ 📜 smart-grid.js JavaScript 625L · 20.9 KB
├─ 📜 start-avax-matic.js JavaScript 257L · 8.0 KB
├─ 📜 start-btc-grid.js JavaScript 246L · 7.6 KB
├─ 📜 start-eth-simple.js JavaScript 106L · 3.9 KB
├─ 📜 start-eth-v2.js JavaScript 106L · 3.9 KB
├─ 📜 start-eth-v3.js JavaScript 103L · 3.9 KB
├─ 📜 start-eth-v4.js JavaScript 103L · 3.9 KB
├─ 📜 start-eth-v5.js JavaScript 91L · 3.4 KB
├─ 📜 start-eth-xrp.js JavaScript 183L · 5.6 KB
├─ 📜 start-eth.js JavaScript 184L · 6.1 KB
├─ 📜 start-grids.js JavaScript 190L · 6.1 KB
├─ 📜 start-simple.js JavaScript 257L · 8.0 KB
├─ 📜 start-sol.js JavaScript 153L · 5.0 KB
├─ 📝 STARTUP_REPORT.md Markdown 60L · 1.2 KB
├─ 📝 STATUS_REPORT.md Markdown 159L · 3.5 KB
├─ 📝 STATUS_SUMMARY_2026-03-17_2230.md Markdown 243L · 4.7 KB
├─ 📋 status.json JSON 20L · 505 B
├─ 📜 stop-btc-grid.js JavaScript 125L · 4.2 KB
├─ 📝 strategy_report.md Markdown 229L · 5.1 KB
├─ 📝 STRATEGY_SUMMARY.md Markdown 148L · 3.2 KB
├─ 📋 strategy-summary.json JSON 36L · 758 B
├─ 🔧 test_multi_agent.sh Shell 33L · 913 B
├─ 📜 test-api-debug.js JavaScript 119L · 3.7 KB
├─ 📜 test-eth-grid.js JavaScript 147L · 5.0 KB
├─ 📜 test-grid-api.js JavaScript 127L · 4.1 KB
├─ 📜 test-klines.js JavaScript 51L · 1.6 KB
├─ 📜 test-order.js JavaScript 120L · 3.7 KB
├─ 📜 trade-analyzer.js JavaScript 308L · 10.6 KB
├─ 📝 TRADING_DECISION_2026-03-17_2235.md Markdown 228L · 5.7 KB
├─ 📝 trading_setup.md Markdown 176L · 4.1 KB
├─ 📋 ultra_deployment_report.json JSON 47L · 1.2 KB
├─ 📝 UNLIMITED_MODE.md Markdown 73L · 2.0 KB
├─ 📜 use-sdk.js JavaScript 124L · 3.9 KB
└─ 📝 启动报告_2026-03-10.md Markdown 146L · 3.3 KB

Dependencies (2 items)

Package            Version  Source    Known Vulns  Notes
https-proxy-agent  unknown  implicit  No           Referenced in code but not in declared dependencies
Node.js built-ins  N/A      stdlib    No           fs, crypto, path, https, http, child_process

Security Positives

✓ All network requests go to legitimate Bitget API (api.bitget.com)
✓ No base64-encoded malicious code or obfuscation detected
✓ No remote code execution via curl|bash patterns
✓ No credential exfiltration to external servers
✓ HMAC-SHA256 API request signing implemented correctly
✓ No hidden backdoor functionality discovered
✓ No evidence of C2 communication or data theft
✓ No sensitive file access (.ssh, .aws, .env) beyond documented config paths