Axelrod
v0.1.0AI-powered Base-chain trading and on-chain query agent via natural language. Use when the user wants to trade crypto (buy/sell/swap tokens), set up automated strategies (DCA, limit orders, RSI), check portfolio balances, view token prices, query token info/analysis, check order status, manage take-profit/stop-loss orders, or ask about crypto/DeFi topics on Base chain. Always run scripts/axelrod_chat.py to fetch real-time results.
⭐ 0· 754·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's code, README, references/api.md, and SKILL.md all require AIXVC_ACCESS_KEY and AIXVC_SECRET_KEY and perform SigV4-style signed requests to https://api.aixvc.io/gw for Base-chain trading. However, the registry metadata lists no required environment variables or primary credential. That inconsistency is meaningful: a trading skill legitimately needs AK/SK, so the registry record is incomplete/misleading.
Instruction Scope
The SKILL.md instructions are focused on the stated purpose: always run scripts/axelrod_chat.py for real-time queries/trades, configure AK/SK in OpenClaw config, and return the CLI stdout (including confirmKey flow). The instructions do not ask the agent to read unrelated system files. They do instruct storing credentials in the OpenClaw config under skills.entries.axelrod.env (which is expected but has security implications noted below).
Install Mechanism
This is an instruction-only skill with one Python script and a requirements.txt (requests). There is no opaque download/install step. The only installation step is 'pip install -r requirements.txt' which is proportionate to the Python CLI.
Credentials
The script legitimately requires two secrets (AIXVC_ACCESS_KEY, AIXVC_SECRET_KEY) for signing requests. That is proportionate for a gateway-authenticated trading client — but the registry metadata does not declare those env vars or a primary credential, which is misleading and could result in the platform not prompting the user to supply or protect those secrets. Additionally, SKILL.md advises storing keys in OpenClaw config; persisting AK/SK in plaintext config increases exposure unless the user uses a protected secret store.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It does not modify other skills or system-wide settings. The README instructs adding the skill directory to OpenClaw config, which is normal for third-party skills.
What to consider before installing
Before installing: 1) Note the registry metadata is incomplete — the skill requires AIXVC_ACCESS_KEY and AIXVC_SECRET_KEY even though the registry lists none. Treat that as a red flag and confirm with the publisher. 2) Verify you trust the external endpoint (https://api.aixvc.io). Ask for an official homepage, docs, or publisher identity; do not use production funds until you confirm provenance. 3) Prefer injecting AK/SK via a secure secret store or environment variables rather than committing them into a plaintext OpenClaw config file. 4) Review the script (scripts/axelrod_chat.py) yourself — it performs SigV4-style signing and sends your requests; ensure it does not log secrets (it doesn't explicitly), and run it in a safe/test environment first. 5) Test with minimal amounts and monitor network traffic while exercising the CLI to confirm it only communicates with expected endpoints. If the publisher cannot explain the metadata mismatch and provide trustworthy source/homepage, consider not installing the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97chs3bdp99kp1sfy38ftk4ks80wzmk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.