trading-coagent 安全扫描报告 — 低风险 | ClawSafe

15 /100

trading-coagent

AI 與交易腳本協作技能。AI 每 5 分鐘監控交易訊號，與腳本並存共生

Trading co-agent skill with declared autonomous trading capabilities but implementation is a non-functional skeleton with all trading logic as TODOs - no actual malicious behavior present.

技能名称trading-coagent

分析耗时29.1s

引擎pi

✓

可以安装

The SKILL.md describes aggressive autonomous trading behavior, but the Python implementation is purely a monitoring scaffold with no real trading execution capability. Before deployment, ensure trading permissions are properly scoped and implement proper safeguards if actual trading logic is added.

安全发现 2 项

严重性	安全发现	位置
低危	Missing allowed-tools declaration 文档欺骗 SKILL.md describes a trading co-agent system but does not declare allowed-tools permissions. For a skill that describes autonomous trading with AI-script collaboration, expected tools like Read, Write, Bash, or skill_invoke should be declared. `Use when: 需要 AI 與自動化交易腳本協作` → Add an allowed-tools section mapping Bash→shell:WRITE, Read→filesystem:READ, Write→filesystem:WRITE, WebFetch→network:READ if the skill will invoke external scripts.	`SKILL.md:1`
提示	Documentation describes unimplemented functionality 文档欺骗 SKILL.md describes an autonomous trading system capable of executing real trades with position sizing up to 10%. However, scripts/monitor-signals.py contains only TODO stubs with no actual trading execution logic. `# TODO: 實現實際交易邏輯` → If this is intentional (e.g., AI handles execution while script handles monitoring), clarify this in documentation. Otherwise, this creates a misleading impression of capability.	`scripts/monitor-signals.py:62`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`READ`	✓ 一致	scripts/monitor-signals.py:96 - opens monitoring_log.jsonl
网络访问	`NONE`	`READ`	✓ 一致	Scripts mention RPC endpoints but no actual network calls implemented
环境变量	`NONE`	`NONE`	—	No environment variable access in code
命令执行	`NONE`	`NONE`	—	No subprocess or shell execution in code

目录结构

4 文件 · 15.3 KB · 650 行

Markdown 3f · 456L Python 1f · 194L

├─ ▾ 📁 references

│ ├─ 📝 failure-analysis.md Markdown 180L · 3.1 KB

│ └─ 📝 trading-checklist.md Markdown 112L · 1.9 KB

├─ ▾ 📁 scripts

│ └─ 🐍 monitor-signals.py Python 194L · 6.1 KB

└─ 📝 SKILL.md Markdown 164L · 4.2 KB

安全亮点

✓ No credential harvesting or API key theft attempts

✓ No data exfiltration or C2 communication

✓ No obfuscation techniques (base64, eval, etc.)

✓ No suspicious network connections or remote script execution

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No subprocess or shell execution present

✓ No persistence mechanisms or cron job setup

✓ Code is well-structured with proper error handling

✓ Async architecture is appropriate for the use case