Skip to content
← Registry
Trust Report

moltrade

Operate the Moltrade trading bot (config, backtest, test-mode runs, Nostr signal broadcast, exchange adapters, strategy integration) in OpenClaw.

75
CONDITIONAL
Format: openclawScanner: v0.8.0Duration: 15msScanned: 6d ago · Jun 2, 1:47 AMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus CONDITIONAL 75AgentVerus CONDITIONAL 75AgentVerus CONDITIONAL 75
[![AgentVerus](https://agentverus.ai/api/v1/skill/3156c56d-5be4-4a20-9f56-83065b195df7/badge)](https://agentverus.ai/skill/3156c56d-5be4-4a20-9f56-83065b195df7)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/3156c56d-5be4-4a20-9f56-83065b195df7/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"3156c56d-5be4-4a20-9f56-83065b195df7","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/3156c56d-5be4-4a20-9f56-83065b195df7/trust

Category Scores

74
Permissions
75
Injection
59
Dependencies
90
Behavioral
70
Content
100
Code Safety

Findings (17)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: execute

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highComprehensive secret collection detected-25

Found comprehensive secret collection pattern: "All sensitive keys and credentials"

1. **Client-side Key self-hosting,not cloud Custody,**: All sensitive keys and credentials remain on the user's machine; the cloud relay never holds funds or private keys, minimizing custodial risk.**

Skills should not instruct collection of all tokens, keys, or credentials. Access only the specific credentials needed and declare them.

injectionASST-05
mediumCapability contract mismatch: inferred file write is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: save them to disk

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://github.com/hetu-project/moltrade.git

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
mediumFinancial/payment actions detected-10

Found financial/payment actions pattern: "wallet"

- **Security Requirement**: Always ask the human user to run `python main.py --init` themselves in a separate terminal. Do not ask for or handle their wallet private keys directly or save them to disk

Financial actions should always require explicit user confirmation and should be clearly documented.

behavioralASST-09
mediumMany external URLs referenced (13)-8

The skill references 13 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://github.com/hetu-project/moltrade.git, https://raw.githubusercontent.com/hetu-project/moltrade/main/assets/moltrade-background-2.jpg, https://img.shields.io/twitter/follow/hetu_protocol?style=social&label=Follow, https://x.com/hetu_protocol, https://img.shields.io/badge/Telegram-Hetu_Builders-blue...

Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04
mediumRaw content URL reference-10

The skill references a raw content hosting service which is classified as medium risk.

https://raw.githubusercontent.com/hetu-project/moltrade/main/assets/moltrade-background-2.jpg

Use official package registries instead of raw content URLs. Raw URLs can be changed without notice.

dependenciesASST-04
mediumUnknown external reference-8

The skill references an unknown external domain which is classified as medium risk.

https://testnet.binance.vision

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://img.shields.io/twitter/follow/hetu_protocol?style=social&label=Follow

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://img.shields.io/badge/Telegram-Hetu_Builders-blue

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://t.me/

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://img.shields.io/badge/ClawHub-Read-orange

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://clawhub.ai/ai-chen2050/moltrade

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://img.shields.io/badge/Website-moltrade.ai-green

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://www.moltrade.ai/

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://eth-mainnet.g.alchemy.com/v2/

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowNo explicit safety boundaries-10

The skill does not include explicit safety boundaries defining what it should NOT do.

No safety boundary patterns found

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09