moltrade
v1.0.9Operate the Moltrade trading bot (config, backtest, test-mode runs, Nostr signal broadcast, exchange adapters, strategy integration) in OpenClaw.
⭐ 7· 4.5k·14 current·16 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (operate Moltrade bot, backtests, Nostr, exchange adapters) matches the SKILL.md content: python/pip binaries, repo clone, pip install, backtest and run commands, and guidance for Nostr and exchange credentials. The included Binance support and Square-post docs are relevant to the stated exchange/social features.
Instruction Scope
The SKILL.md instructs the agent and user to run local Python commands, initialize configs, run backtests, and check Nostr/exchange config blocks. It explicitly warns agents not to request or handle private keys and to ask the human to run `python main.py --init` themselves. This is appropriate, but the SKILL.md does reference sensitive fields (e.g., `nsec`, API keys). The user should ensure the agent never asks the user to paste private keys into chat or store secrets in public files.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed by the platform. That minimizes write-to-disk risks. The documentation suggests cloning the official GitHub repo and using pip to install requirements — standard practice for a Python tool.
Credentials
The skill declares no required environment variables (the user provides keys for exchanges or Square/Nostr when needed). This is proportionate: trading and Nostr features legitimately need API keys/secret keys. The skill and bundled Binance docs do show examples that handle API_KEY/SECRET and advise limiting permissions (e.g., disable withdrawals) — follow those recommendations. Confirm the agent will not persist or exfiltrate those secrets.
Persistence & Privilege
always is false and the skill is user-invocable; model-invocation is allowed (platform default). The skill does not request persistent system-wide privileges or attempt to modify other skill configs in the provided documentation.
Assessment
This skill appears coherent for controlling the Moltrade bot, but trading and signal systems are intrinsically sensitive. Before installing: 1) Run everything in a safe/dev environment and use exchange testnet credentials first. 2) Create API keys with minimal permissions (spot trading only; disable withdrawals; IP whitelist). 3) Never paste your private wallet/Nostr `nsec` or secret keys into chat — prefer local config files or environment variables on your machine. 4) Verify the GitHub repo content locally (git clone) before running; inspect any scripts you execute. 5) When asked to run the bot, confirm the agent prompts you for explicit approval before switching from test to live mode. If you want higher assurance, review the upstream repo code (main.py, trader/*) to confirm there is no unexpected network exfiltration or hidden behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk979fm8bgz90m5mfhm5beqrp3d833gmw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🤖 Clawdis
Binspython, pip