Skip to main content

alpha

Facilitates Binance Alpha requests using the Binance API, enabling users to access trading data securely with authentication.

Install this skill

or
62/100

Security score

The alpha skill was audited on May 13, 2026 and we found 14 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 85

Access to hidden dotfiles in home directory

SourceSKILL.md
85Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file:
low line 88

Access to hidden dotfiles in home directory

SourceSKILL.md
88API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-)
low line 89

Access to hidden dotfiles in home directory

SourceSKILL.md
89SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-)
low line 92

Access to hidden dotfiles in home directory

SourceSKILL.md
92for dir in ~/.openclaw ~; do
medium line 60

Access to .env file

SourceSKILL.md
60Users can provide Binance API credentials in different ways. The agent will try to retrieve automatically with the two first ways the credentials, but users can also explicitly tell the agent that the
medium line 83

Access to .env file

SourceSKILL.md
832. **Secrets file (.env)**
medium line 85

Access to .env file

SourceSKILL.md
85Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file:
low line 88

Access to .env file

SourceSKILL.md
88API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-)
low line 89

Access to .env file

SourceSKILL.md
89SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-)
low line 91

Access to .env file

SourceSKILL.md
91# Fallback: search .env in known directories (KEY=VALUE then raw line format)
low line 94

Access to .env file

SourceSKILL.md
94env_file="$dir/.env"
medium line 113

Access to .env file

SourceSKILL.md
113This file can be updated at any time without restarting OpenClaw, keys are read fresh on each invocation. Users can tell you the variables are now set or stored in a `.env` file, and you should re-rea
medium line 126

Access to .env file

SourceSKILL.md
126* Never source a secrets file into the shell environment (`source .env` or `. .env`)
low line 54

External URL reference

SourceSKILL.md
54* Mainnet: https://www.binance.com
Scanned on May 13, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorymarketing
UpdatedJune 15, 2026
frontendgitapitestinggrowth-marketerproduct-marketerdata-analystmarketingdata analytics
Parmasanandgarlic/farmdash-signal-architect-SKILL.md