ClawHub

Openclaw Trading Suite

v1.0.0

End-to-end autonomous trading skill for swing and algo strategies with analysis, screening, risk controls, execution gating, logging, and continuous optimiza...

0· 265·0 current·1 all-time
by@oscraters
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill advertises full lifecycle trading (research → execution → live graduation) and references real brokers (Alpaca, Binance, Kalshi) in the plans, yet the registry lists no required environment variables, no primary credential, and no required config paths. A trading orchestration skill that can place live orders would legitimately require broker API keys, exchange credentials, or SecretRefs; their absence in the declared requirements is an incoherence that could be benign (the author left them out to be adapter-specific) but is unexpected and increases risk.
Instruction Scope
SKILL.md instructs the agent to ingest market/news data, run screeners, gate and execute orders, and 'log every step to persistent storage'. References and adapter contract docs instruct the use of a SkillDiscoveryService and AdapterRouter which explicitly scan local skill roots for SKILL.md capabilities — this gives the skill discretion to read local skill files and register adapter routes. Reading local skill roots can be plausible for adapter discovery but is broader scope than a simple 'trading helper' and could expose other local skill metadata; the instructions otherwise stay within trading purpose (paper-first by default, per-hypothesis approval for first live deployment).
Install Mechanism
No install spec is provided (instruction-only), and all code files are included in the repo. There is no remote download or external install command in the manifest, which reduces third-party install risk. However, the skill contains substantial Python modules (adapters, sqlite store, secrets handling), so runtime execution will depend on the agent environment's Python runtime and network access.
!
Credentials
The manifest declares no required env vars or primary credential even though the plans and docs explicitly reference Alpaca, Binance, Kalshi, and SecretRef handling. Trading and execution adapters normally require API keys and secrets; omitting them from requires.env is disproportionate. It is unclear whether the skill expects credentials to be supplied ad-hoc or via OpenClaw SecretRefs, but the registry should list at least the types of secrets the skill will access. Also, the repo contains a security/secrets.py module and references secrets_management.md, indicating credential handling logic — without explicit declared envs, users cannot easily audit what secret names the code will read at runtime.
Persistence & Privilege
The skill writes to persistent stores by design (SQLite-backed retention, model runs, orders, fills). That is coherent for a trading suite. The skill is not marked always:true. However, two points warrant attention: (1) the skill includes SkillDiscoveryService logic which scans local skill roots — this allows reading other local SKILL.md files and could reveal other skills' capabilities/config; (2) the agent-default autonomous invocation is permitted (disable-model-invocation: false). Autonomous invocation combined with persistence and potential adapter execution is expected for such a skill but raises operational risk if you enable live mode without strict guardrails.
What to consider before installing
Before installing or enabling this skill, consider the following: 1) Do not enable live trading until you have audited adapter implementations that will perform order submission (search for adapters that call broker APIs) and verified where API keys must be provided. 2) Require explicit, per-hypothesis live approvals and keep the default paper-only mode; test extensively in paper mode. 3) Inspect secrets handling (references/secrets_management.md and src/openclaw_trading_suite/security/secrets.py) to see exactly which environment variables, SecretRef names, or file paths the code reads — add those names to the registry or deny runtime access until confirmed. 4) Review SkillDiscoveryService / AdapterRouter code: if you want to prevent the skill from scanning other local skills or files, restrict its file-system permissions or ask the author to remove/limit discovery. 5) Run the test suite locally and audit network endpoints the code contacts (look for hostnames/IPs in adapter implementations). 6) If you plan to allow autonomous invocation, limit the agent's scope (e.g., prevent live-mode adapter credentials from being present in the same environment, require manual approval for any live switching). 7) If you cannot audit the code or confirm credential usage, consider treating this skill as research-only and avoid supplying real broker credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk979y28scvgft7pfky2fdtphq182bpqj
265downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@oscraters
latest
Download

OpenClaw Trading Suite

Use this skill when the user asks for end-to-end trading-agent behavior across analysis, hypothesis creation, risk management, execution, and continuous optimization.

Scope

  • Strategy styles: swing-first, with optional intraday and event-driven variants.
  • Assets: equities and crypto by default.
  • Lifecycle: research -> hypothesis -> validate -> size risk -> execute -> review -> retrain.
  • Data retention: all decisions, signals, fills, outcomes, and model versions are logged for later analysis.

Core workflow

  1. Ingest market, technical, and optional lightweight sentiment/event data.
  2. Run screeners to generate candidate tickers/coins for strategy hypotheses.
  3. Build trade hypotheses with explicit entry, exit, invalidation, and confidence.
  4. Apply strategy-specific risk profile (not global static policy).
  5. Gate execution based on drawdown, exposure, and confidence thresholds.
  6. Log every step to persistent storage (research, signals, orders, fills, P&L).
  7. Run periodic review: win rate, expectancy, drawdown, and regime-fit diagnostics.
  8. Feed outcomes into optimization/retraining loop with champion-vs-challenger testing.

Strategy catalog

Load references/strategy_profiles.md when a user asks for concrete strategies or wants to include the "4 bots competition" approaches.

Data model and retention

Load references/data_retention_schema.md when implementing storage, analytics, or RL/ML training.

Autonomy modes

Load references/autonomy_modes.md when implementing user-selected autonomy behavior and approvals.

Adapter extension contract

Load references/adapter_plugin_contract.md when adding venues, data feeds, or research tools.

Strategy builder and gates

Load references/strategy_builder_and_gates.md when user/agent-defined thresholds are needed for paper-to-live graduation.

Secrets handling

Load references/secrets_management.md when adding providers, credentials, or runtime configuration.

Orchestration

Load references/system_orchestration.md when wiring agents/tools, heartbeat cadence, and execution triggers.

Execution policy defaults

  • Start in paper mode unless user explicitly requests live mode.
  • Require per-hypothesis approval for first live deployment of any new strategy.
  • Enforce strategy-local risk budgets and portfolio-level circuit breakers.
  • Halt strategy if live or paper performance breaches configured drawdown limits.

Reuse notes for this repository

  • Existing modules to reuse first: market-data-aggregator, technical-analysis-engine, risk-position-manager, strategy-optimizer, trade-signal-processor-executor, performance-reporter-learner, profit-forecaster, and temp-rl-proto.
  • Treat older module SKILL.md files as component-level docs; this suite is the orchestrator skill.
  • Nightly research entry point: scripts/nightly_research.py.

Comments

Loading comments...