katbot-trading

Enables live crypto trading on Hyperliquid with AI-driven market analysis, token selection, and trade execution via Katbot.ai.

Security score: 14/100

The katbot-trading skill was audited on May 15, 2026 and we found 18 security issues across 2 threat categories. Review the findings below before installing.

Security Issues

medium line 65

Access to hidden dotfiles in home directory

Source: SKILL.md
65: The `bmi_alert.py` script reads `~/.openclaw/workspace/portfolio_tokens.json` to include specific token performance in the alert message.
medium line 80

Access to hidden dotfiles in home directory

Source: SKILL.md
80: | `KATBOT_IDENTITY_DIR` | Optional override | Path to identity files directory. Default: `~/.openclaw/workspace/katbot-identity` |
medium line 102

Access to hidden dotfiles in home directory

Source: SKILL.md
102: All persistent credentials are stored in `KATBOT_IDENTITY_DIR` (default: `~/.openclaw/workspace/katbot-identity/`). This directory is **outside the project tree** deliberately — its contents are never
medium line 115

Access to hidden dotfiles in home directory

Source: SKILL.md
115: - If `~/.openclaw/workspace/katbot-identity/` is compromised, an attacker gains the agent trading key and session tokens but **not** the MetaMask wallet key, limiting the blast radius to funds accessi
medium line 379

Access to hidden dotfiles in home directory

Source: SKILL.md
379: 4. Save `KATBOT_HL_AGENT_PRIVATE_KEY`, `katbot_config.json`, and `katbot_token.json` to `~/.openclaw/workspace/katbot-identity/`.
medium line 393

Access to hidden dotfiles in home directory

Source: SKILL.md
393: No re-onboarding is needed for upgrades. The identity files in `~/.openclaw/workspace/katbot-identity/` are preserved across upgrades. If a tool fails after upgrade, run `ensure_env.sh` first.
medium line 85

Access to .env file

Source: SKILL.md
85: ### `.env` File Loader — CLI/Development Use Only
medium line 87

Access to .env file

Source: SKILL.md
87: `katbot_client.py` contains a `.env` file loader for CLI use outside OpenClaw (`tubman-bobtail-py` mode). At import time it searches these paths for a `katbot_client.env` file:
medium line 89

Access to .env file

Source: SKILL.md
89: 1. `{projectRoot}/env/local/katbot_client.env`
medium line 90

Access to .env file

Source: SKILL.md
90: 2. `{baseDir}/../env/local/katbot_client.env`
medium line 91

Access to .env file

Source: SKILL.md
91: 3. `{baseDir}/tools/katbot_client.env`
medium line 93

Access to .env file

Source: SKILL.md
93: If a file is found, it loads **only non-secret config** from it: `KATBOT_BASE_URL`, `KATBOT_IDENTITY_DIR`, and `CHAIN_ID`. Private keys (`WALLET_PRIVATE_KEY` and `KATBOT_HL_AGENT_PRIVATE_KEY`) are exp
medium line 96

Access to .env file

Source: SKILL.md
96: - **NEVER** create or suggest creating a `katbot_client.env` containing private keys.
medium line 97

Access to .env file

Source: SKILL.md
97: - **NEVER** place `WALLET_PRIVATE_KEY` or `KATBOT_HL_AGENT_PRIVATE_KEY` in any `.env` file.
medium line 98

Access to .env file

Source: SKILL.md
98: - A `katbot_client.env` is acceptable only for non-secret config (`KATBOT_BASE_URL`, `CHAIN_ID`, `KATBOT_IDENTITY_DIR`, `PORTFOLIO_ID`, `WALLET_ADDRESS`).
medium line 311

Access to .env file

Source: SKILL.md
311: `katbot_client.py` can be run as a standalone script (reads `PORTFOLIO_ID` from `.env` or environment):
medium line 345

Access to .env file

Source: SKILL.md
345: - **NEVER** create a `katbot_client.env` file containing `WALLET_PRIVATE_KEY` or `KATBOT_HL_AGENT_PRIVATE_KEY`. The `.env` loader will not inject private keys into the process, but placing them in suc
low line 79

External URL reference

Source: SKILL.md
79: | `KATBOT_BASE_URL` | Optional override | API base URL. Default: `https://api.katbot.ai` |
Scanned on May 15, 2026