OpenMM

[Warn] Audited by ClawScan on May 10, 2026.

Overview

OpenMM appears to be a real crypto trading integration, but it can give agents and chat commands authority to use exchange keys to place, cancel, and automate trades.

Install only if you intentionally want an agent or OpenClaw channel to help manage crypto exchange trading. Use dedicated API keys with no withdrawal permission, restrict tools and chat commands to trusted users, keep real order and grid tools disabled until needed, test with dry-run first, and consider pinning package versions before using real funds.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled with trading API keys, an agent could place trades using the user's exchange account.

Why it was flagged

The tool can place real exchange orders once invoked. The code shown directly executes the CLI command and relies on tool allowlisting and instruction text for confirmation rather than enforcing a hard per-execution approval gate.

Skill content

name: "openmm_create_order" ... "Place a limit or market order. IMPORTANT: Always confirm with the user before executing." ... return text(await openmm(args));

Recommendation

Keep order-creation and grid-trading tools disabled unless needed, require explicit user approval for every trade, and use exchange-level limits such as read/trade-only keys, no withdrawals, IP allowlisting, and small budgets.

What this means

A mistaken or unauthorized command in a connected channel could cancel active orders on an exchange account.

Why it was flagged

The plugin documents an immediate chat command that can cancel all open orders. This is purpose-aligned but high-impact, especially when no symbol is provided.

Skill content

These commands execute immediately without invoking the AI agent ... `/cancel-all <exchange> [symbol]` | Cancel all open orders (auth required)

Recommendation

Restrict chat command access to trusted users, require channel-level authentication, and avoid enabling cancel-all unless you need it.

What this means

Keys with trade permissions can allow balance viewing, order placement, and order cancellation on supported exchanges.

Why it was flagged

The skill needs exchange API keys and secrets to read balances and perform trading actions. This is expected for the stated purpose, but the credentials are financially sensitive.

Skill content

MEXC_API_KEY=your_mexc_api_key ... MEXC_SECRET=your_mexc_secret_key ... BITGET_SECRET=your_bitget_secret_key ... KRAKEN_SECRET=your_kraken_secret_key

Recommendation

Create dedicated API keys with the minimum required permissions, never enable withdrawals, and configure only the exchanges you intend the skill to use.

What this means

Future dependency changes could alter the behavior of trading commands after install or update.

Why it was flagged

The high-impact trading plugin depends on the OpenMM package using the moving `latest` version, so the installed code can change over time without a pinned version in this artifact.

Skill content

"dependencies": { "@3rd-eye-labs/openmm": "latest", "@sinclair/typebox": "^0.34.0" }

Recommendation

Prefer pinned package versions or lockfiles for production trading use, and install from a source you trust.

What this means

The skill can run the installed OpenMM CLI on the local machine to interact with exchanges.

Why it was flagged

The plugin executes the local `openmm` binary. This is expected for a CLI wrapper and uses execFile-style argument passing, but users should recognize that enabling the plugin runs local commands.

Skill content

async function openmm(args: string[]): Promise<string> { const { stdout } = await exec("openmm", args); return stdout.trim(); }

Recommendation

Install the CLI only from trusted package sources and review updates before using it with real exchange credentials.

What this means

Any client connected to the local MCP server may be able to request market data or trading actions, depending on the server configuration and the permissions of the configured API keys.

Why it was flagged

The MCP option exposes the trading toolset to connected MCP clients while credentials may be provided through environment variables. This is purpose-aligned but creates a trust boundary users must manage.

Skill content

Run `npx @qbtlabs/openmm-mcp` to start a local MCP server over stdio. This exposes all 13 tools to any MCP-compatible client.

Recommendation

Connect the MCP server only to trusted clients, avoid sharing the configured environment, and use limited API keys.

What this means

The plugin may keep monitoring trading strategies after being enabled, rather than acting only during a single chat request.

Why it was flagged

The background monitor is disclosed and aligned with strategy monitoring, but it is automatic persistence that users should know about.

Skill content

The plugin registers a strategy monitor service that tracks active grid strategies. The service starts automatically when the plugin is enabled.

Recommendation

Enable the plugin only when you want ongoing strategy monitoring, and disable it when not in use.