margin-trading
Facilitates margin trading on Binance using authenticated API requests for account management and trading operations.
Install this skill
or
62/100
Security score
The margin-trading skill was audited on May 13, 2026 and we found 14 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 232
Access to hidden dotfiles in home directory
SourceSKILL.md
| 232 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 235
Access to hidden dotfiles in home directory
SourceSKILL.md
| 235 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 236
Access to hidden dotfiles in home directory
SourceSKILL.md
| 236 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 239
Access to hidden dotfiles in home directory
SourceSKILL.md
| 239 | for dir in ~/.openclaw ~; do |
medium line 207
Access to .env file
SourceSKILL.md
| 207 | Users can provide Binance API credentials in different ways. The agent will try to retrieve automatically with the two first ways the credentials, but users can also explicitly tell the agent that the |
medium line 230
Access to .env file
SourceSKILL.md
| 230 | 2. **Secrets file (.env)** |
medium line 232
Access to .env file
SourceSKILL.md
| 232 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 235
Access to .env file
SourceSKILL.md
| 235 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 236
Access to .env file
SourceSKILL.md
| 236 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 238
Access to .env file
SourceSKILL.md
| 238 | # Fallback: search .env in known directories (KEY=VALUE then raw line format) |
low line 241
Access to .env file
SourceSKILL.md
| 241 | env_file="$dir/.env" |
medium line 260
Access to .env file
SourceSKILL.md
| 260 | This file can be updated at any time without restarting OpenClaw, keys are read fresh on each invocation. Users can tell you the variables are now set or stored in a `.env` file, and you should re-rea |
medium line 273
Access to .env file
SourceSKILL.md
| 273 | * Never source a secrets file into the shell environment (`source .env` or `. .env`) |
low line 201
External URL reference
SourceSKILL.md
| 201 | * Mainnet: https://api.binance.com |
Scanned on May 13, 2026
View Security DashboardRate this skill
Categoryfinance accounting
UpdatedJune 15, 2026
frontenddocxgitapitestingfinancial-analystcfo-fpaaccountantbusiness-developmentgrowth-marketerfinance accountingsalesmarketing
Parmasanandgarlic/farmdash-signal-architect-SKILL.md