binance-event-contract-full-suite Security Report — Trusted | ClawSafe

0 /100

binance-event-contract-full-suite

5-skill Binance Event Contract trading suite: data fetcher, signal calculator, ICT recognizer, risk manager, and executor reporter — advisory mode only, no real trading

This skill consists entirely of markdown documentation files (6 SKILL.md files, 19.5 KB total) with zero executable code, scripts, or dependencies — presenting a completely benign security posture.

Skill Namebinance-event-contract-full-suite

Duration32.6s

Enginepi

✓

Safe to install

No action required. This is a pure documentation package. Before production use, ensure the actual implementation code (when provided) follows the declared behavior in the SKILL.md files.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file I/O operations in any .md file
Network	`READ`	`READ`	✓ Aligned	SKILL.md (root) declares only Binance REST/WebSocket API calls
Shell	`NONE`	`NONE`	—	No shell commands, subprocess, or eval() found
Environment	`NONE`	`NONE`	—	No os.environ or env variable access in any file
Skill Invoke	`READ`	`READ`	✓ Aligned	Signal calculator declares dependency on fetcher, ICT recognizer, and risk manag…
Clipboard	`NONE`	`NONE`	—	No clipboard access documented or present
Browser	`NONE`	`NONE`	—	No browser automation documented or present
Database	`NONE`	`NONE`	—	No database operations documented or present

1 findings

🔗

Medium External URL 外部 URL

https://api.binance.com

SKILL.md:15

File Tree

6 files · 19.5 KB · 512 lines

Markdown 6f · 512L

├─ ▾ 📁 binance-executor

│ └─ 📝 SKILL.md Markdown 102L · 3.8 KB

├─ ▾ 📁 binance-ict-recognizer

│ └─ 📝 SKILL.md Markdown 86L · 3.6 KB

├─ ▾ 📁 binance-reporter

│ └─ 📝 SKILL.md Markdown 35L · 1.1 KB

├─ ▾ 📁 binance-risk-manager

│ └─ 📝 SKILL.md Markdown 86L · 3.3 KB

├─ ▾ 📁 binance-signal-calculator

│ └─ 📝 SKILL.md Markdown 103L · 3.5 KB

└─ 📝 SKILL.md Markdown 100L · 4.1 KB

Security Positives

✓ Skill is 100% markdown documentation with zero executable code — no attack surface

✓ All 5 sub-skills (fetcher, executor, ICT recognizer, risk manager, reporter) are internally consistent in their declared behavior

✓ Binance API usage is explicitly scoped to only BTCUSDT & ETHUSDT pairs on official endpoints

✓ Clear boundary definitions in all SKILL.md files prohibit unauthorized operations (e.g., no real trading, no third-party data)

✓ Risk manager enforces documented safety limits (2% per trade, 10% daily circuit breaker, max 4 concurrent positions)

✓ No sensitive file paths (~/.ssh, ~/.aws, .env) are referenced anywhere

✓ No obfuscation techniques (base64, eval, encoded strings) detected

✓ No persistence mechanisms (cron, startup hooks) present in documentation

✓ Installation method uses only standard npx clawhub CLI (no curl|bash or direct script downloads)

Scan Report

File Tree

Security Positives