binance-api-usage
Audited by Socket on Feb 27, 2026
1 alert found:
Obfuscated File

The package documentation outlines legitimate trading automation capabilities using python-binance. Primary risks are typical for trading automation: autonomy abuse (unauthorized or unattended order execution), credential exposure from .env usage, and supply-chain risk from third-party dependencies without pinned integrity. No explicit indicators of malicious code (backdoors, obfuscated payloads, or exfiltration to attacker-controlled domains) are present in the provided text. Because only descriptive material was provided and no script source was reviewed, a conservative posture is warranted: treat this as functional but moderately risky. Mitigations: require least-privilege API keys (no withdrawals), use testnet by default, add manual confirmation or safety limits for order execution, .gitignore .env, pin dependency versions and verify checksums, and review example scripts and dependencies for unexpected network calls before trusting credentials on a host.