assets
Facilitates Binance asset requests via authenticated API endpoints, enabling users to manage their cryptocurrency assets efficiently.
Install this skill
or
62/100
Security score
The assets skill was audited on May 13, 2026 and we found 14 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 185
Access to hidden dotfiles in home directory
SourceSKILL.md
| 185 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 188
Access to hidden dotfiles in home directory
SourceSKILL.md
| 188 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 189
Access to hidden dotfiles in home directory
SourceSKILL.md
| 189 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 192
Access to hidden dotfiles in home directory
SourceSKILL.md
| 192 | for dir in ~/.openclaw ~; do |
medium line 160
Access to .env file
SourceSKILL.md
| 160 | Users can provide Binance API credentials in different ways. The agent will try to retrieve automatically with the two first ways the credentials, but users can also explicitly tell the agent that the |
medium line 183
Access to .env file
SourceSKILL.md
| 183 | 2. **Secrets file (.env)** |
medium line 185
Access to .env file
SourceSKILL.md
| 185 | Check `~/.openclaw/secrets.env` , `~/.env`, or a `.env` file in the workspace. Read individual keys with `grep`, never source the full file: |
low line 188
Access to .env file
SourceSKILL.md
| 188 | API_KEY=$(grep '^BINANCE_API_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 189
Access to .env file
SourceSKILL.md
| 189 | SECRET_KEY=$(grep '^BINANCE_SECRET_KEY=' ~/.openclaw/secrets.env 2>/dev/null | cut -d= -f2-) |
low line 191
Access to .env file
SourceSKILL.md
| 191 | # Fallback: search .env in known directories (KEY=VALUE then raw line format) |
low line 194
Access to .env file
SourceSKILL.md
| 194 | env_file="$dir/.env" |
medium line 213
Access to .env file
SourceSKILL.md
| 213 | This file can be updated at any time without restarting OpenClaw, keys are read fresh on each invocation. Users can tell you the variables are now set or stored in a `.env` file, and you should re-rea |
medium line 226
Access to .env file
SourceSKILL.md
| 226 | * Never source a secrets file into the shell environment (`source .env` or `. .env`) |
low line 154
External URL reference
SourceSKILL.md
| 154 | * Mainnet: https://api.binance.com |
Scanned on May 13, 2026
View Security DashboardRate this skill
Categoryfinance accounting
UpdatedJune 15, 2026
Parmasanandgarlic/farmdash-signal-architect-SKILL.md