OpenMM Grid Trading

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill can run a real-money automated crypto trading bot and asks for multiple exchange API keys, so it needs careful review before use.

Only install if you are comfortable with an automated bot placing real crypto trades. Verify the OpenMM package first, use a dedicated trade-only API key with withdrawals disabled, provide credentials only for the exchange you will use, run dry-run mode first, and set conservative order size and max-position limits.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run live, the agent/tool can place real exchange orders and potentially lose funds.

Why it was flagged

The non-dry-run command is the live path, and the documented default can allocate up to 80% of balance. That is high-impact financial mutation without a documented confirmation gate.

Skill content

openmm trade --strategy grid --exchange mexc --symbol INDY/USDT ... `--max-position <decimal>` | Max position size as % of balance | 0.8 ... `--dry-run` | Simulate without placing real orders

Recommendation

Use dry-run first, require explicit user confirmation before any live order placement, start with very small size/max-position values, and monitor the bot while it runs.

What this means

Providing unnecessary exchange credentials increases the number of accounts and funds exposed to the tool or its dependency.

Why it was flagged

The skill declares all four exchange API keys as required, even though each command chooses one exchange. The artifacts do not bound key permissions or account scope, and do not explain why all exchange credentials are needed at once.

Skill content

env: [MEXC_API_KEY, GATEIO_API_KEY, BITGET_API_KEY, KRAKEN_API_KEY]

Recommendation

Provide only the API key for the exchange you intend to use, use trade-only keys with withdrawals disabled, and prefer a skill version that declares exchange-specific optional credentials.

What this means

The safety of trading and credential handling depends on the external openmm package, not on code included in this skill artifact.

Why it was flagged

The main executable comes from an external npm package. This is expected for the skill, but the provided artifacts contain no reviewed code for that package.

Skill content

node | package: @3rd-eye-labs/openmm | creates binaries: openmm

Recommendation

Verify the npm package publisher, version, source repository, and reputation before installing, especially because it will use exchange credentials.

What this means

Once started, the bot may continue placing and adjusting orders until stopped.

Why it was flagged

The skill is intentionally a long-running automated trading process. It is disclosed and user-stoppable, but it can keep acting while running.

Skill content

Good for: ... 24/7 automated trading ... Press `Ctrl+C` to gracefully stop.

Recommendation

Run it only in a controlled terminal/session, monitor open orders and balances, and stop it promptly if market conditions or settings are wrong.