spot
Facilitates Binance Spot requests via the Binance API, enabling users to access market data and manage orders securely.
Install this skill
or
60/100
Security score
The spot skill was audited on May 13, 2026 and we found 16 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 267
Access to hidden dotfiles in home directory
SourceSKILL.md
| 267 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 270
Access to hidden dotfiles in home directory
SourceSKILL.md
| 270 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 271
Access to hidden dotfiles in home directory
SourceSKILL.md
| 271 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 274
Access to hidden dotfiles in home directory
SourceSKILL.md
| 274 | for dir in ~/.openclaw ~; do |
medium line 240
Access to .env file
SourceSKILL.md
| 240 | Users can provide Binance API credentials in different ways. The agent will try to retrieve automatically with the two first ways the credentials, but users can also explicitly tell the agent that the |
medium line 265
Access to .env file
SourceSKILL.md
| 265 | 2. **Secrets file (.env)** |
medium line 267
Access to .env file
SourceSKILL.md
| 267 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 270
Access to .env file
SourceSKILL.md
| 270 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 271
Access to .env file
SourceSKILL.md
| 271 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 273
Access to .env file
SourceSKILL.md
| 273 | # Fallback: search .env in known directories (KEY=VALUE then raw line format) |
low line 276
Access to .env file
SourceSKILL.md
| 276 | env_file="$dir/.env" |
medium line 295
Access to .env file
SourceSKILL.md
| 295 | This file can be updated at any time without restarting OpenClaw, keys are read fresh on each invocation. Users can tell you the variables are now set or stored in a `.env` file, and you should re-rea |
medium line 308
Access to .env file
SourceSKILL.md
| 308 | * Never source a secrets file into the shell environment (`source .env` or `. .env`) |
low line 232
External URL reference
SourceSKILL.md
| 232 | * Mainnet: https://api.binance.com |
low line 233
External URL reference
SourceSKILL.md
| 233 | * Testnet: https://testnet.binance.vision |
low line 234
External URL reference
SourceSKILL.md
| 234 | * Demo: https://demo-api.binance.com |
Scanned on May 13, 2026
View Security DashboardRate this skill
Categoryfinance accounting
UpdatedJune 15, 2026
frontenddocxgitapitestingbackendfinancial-analystgrowth-marketerbusiness-developmentfinance accountingmarketingsales
Parmasanandgarlic/farmdash-signal-architect-SKILL.md