derivatives-trading-usds-futures
Facilitates derivatives trading on Binance using authenticated API requests for futures trading and account management.
Install this skill
or
61/100
Security score
The derivatives-trading-usds-futures skill was audited on May 13, 2026 and we found 15 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 244
Access to hidden dotfiles in home directory
SourceSKILL.md
| 244 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 247
Access to hidden dotfiles in home directory
SourceSKILL.md
| 247 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 248
Access to hidden dotfiles in home directory
SourceSKILL.md
| 248 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 251
Access to hidden dotfiles in home directory
SourceSKILL.md
| 251 | for dir in ~/.openclaw ~; do |
medium line 218
Access to .env file
SourceSKILL.md
| 218 | Users can provide Binance API credentials in different ways. The agent will try to retrieve automatically with the two first ways the credentials, but users can also explicitly tell the agent that the |
medium line 242
Access to .env file
SourceSKILL.md
| 242 | 2. **Secrets file (.env)** |
medium line 244
Access to .env file
SourceSKILL.md
| 244 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 247
Access to .env file
SourceSKILL.md
| 247 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 248
Access to .env file
SourceSKILL.md
| 248 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 250
Access to .env file
SourceSKILL.md
| 250 | # Fallback: search .env in known directories (KEY=VALUE then raw line format) |
low line 253
Access to .env file
SourceSKILL.md
| 253 | env_file="$dir/.env" |
medium line 272
Access to .env file
SourceSKILL.md
| 272 | This file can be updated at any time without restarting OpenClaw, keys are read fresh on each invocation. Users can tell you the variables are now set or stored in a `.env` file, and you should re-rea |
medium line 285
Access to .env file
SourceSKILL.md
| 285 | * Never source a secrets file into the shell environment (`source .env` or `. .env`) |
low line 211
External URL reference
SourceSKILL.md
| 211 | * Mainnet: https://fapi.binance.com |
low line 212
External URL reference
SourceSKILL.md
| 212 | * Testnet: https://demo-fapi.binance.com |
Scanned on May 13, 2026
View Security DashboardRate this skill
Categoryfinance accounting
UpdatedJune 15, 2026
frontendnotiondocxgitapitestingbackendfinancial-analystbusiness-development🇺🇸 USfinance accountingsales
Parmasanandgarlic/farmdash-signal-architect-SKILL.md