Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

pionex-trade

v1.0.0

Use when the user asks to place orders, cancel orders, check open orders or fills on Pionex. Covers spot orders via `pionex-trade-cli` CLI. Requires API cred...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for pibrandon/pionex-trade.

Install the skill "pionex-trade" (pibrandon/pionex-trade) from ClawHub.
Skill page: https://clawhub.ai/pibrandon/pionex-trade
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pionex-trade

ClawHub CLI

npx clawhub@latest install pionex-trade

Security Scan

Capability signals: Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
The skill purpose (placing/cancelling spot orders on Pionex via pionex-trade-cli) is coherent with the runtime instructions. However, the registry metadata declares no credentials or config paths while the SKILL.md explicitly requires API credentials stored at ~/.pionex/config.toml and running `pionex-ai-kit onboard`. The omission of credential/config requirements from metadata is an inconsistency.
Instruction Scope
The SKILL.md instructions are narrowly scoped to running the pionex-trade-cli CLI, checking balances, parsing JSON output, using dry-run for writes, and asking for user confirmation before finalizing orders. There is no instruction to read unrelated files or exfiltrate data beyond the exchange API/CLI.
Install Mechanism
The SKILL.md recommends installing @pionex/pionex-ai-kit via npm (global install) to provide pionex-trade-cli. Installing an npm CLI from the public registry is a common pattern but carries moderate risk; the registry metadata itself lists no install spec, creating a mismatch that should be resolved (is the agent expected to auto-install or rely on preinstalled binaries?).
! Credentials
The skill requires exchange API credentials (sensitive) and a config file at ~/.pionex/config.toml per SKILL.md, which is appropriate for trading. But the registry metadata does not declare any required env vars, primary credential, or config paths — this lack of declared required secrets/configs is a material inconsistency and reduces transparency about what sensitive data the skill needs.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or elevated privileges. Autonomous invocation is allowed by default (normal for skills) but combined with trading capability means the agent should follow the documented confirmation/dry-run rules.
What to consider before installing
Before installing or enabling this skill:

  1. Verify the npm package (@pionex/pionex-ai-kit) and its publisher on the npm registry — confirm it is the official Pionex package (check publisher, repo, and recent activity).
  2. Ask the skill author/maintainer to fix metadata: the registry should explicitly declare that the skill requires API credentials or a config path (~/.pionex/config.toml) and whether it will attempt to install software.
  3. When trying it, use limited-scope API keys (if Pionex supports separate trade vs read-only scopes) and enable IP whitelisting; test with read-only operations first.
  4. Ensure the agent enforces the documented dry-run + explicit user confirmation flow for any write operation; do not allow the agent to place live orders without your explicit consent each time.
  5. If you cannot verify the npm package or the publisher, inspect the package contents or prefer a vetted client/official plugin.

The current metadata/instruction mismatch is the primary red flag — resolve that before handing over credentials or installing the CLI.


latest: vk97evsty8p4jjgabdmb36agfg184zard
60 downloads · 0 stars · 1 version · Updated 1w ago
v1.0.0 · MIT-0

Pionex Trading Skill

Spot order placement and management on Pionex via the pionex-trade-cli CLI. Requires API credentials in ~/.pionex/config.toml (run pionex-ai-kit onboard first).
Security: Pionex API Docs recommend IP whitelisting and never sharing your API Key/Secret.

Prerequisites

  1. Install CLI and configure credentials:
    npm install -g @pionex/pionex-ai-kit
    pionex-ai-kit onboard
    
  2. Test (read-only):
    pionex-trade-cli account balance
    

Skill Routing

  • Market data (price, depth, klines, symbol info) → pionex-market
  • Account balance → pionex-portfolio (or use pionex-trade-cli account balance here when checking before order)
  • Place/cancel orders, open orders, fills → pionex-trade (this skill)
  • Futures grid bot lifecycle (create/adjust/reduce/cancel) → pionex-bot

Command Index (orders & account used by this skill)

Command (Type): Description

  • pionex-trade-cli account balance (READ): All spot balances (filter by currency from JSON if needed)
  • pionex-trade-cli orders new --symbol <s> --side BUY|SELL --type MARKET|LIMIT [--amount | --size] [--price] [--dry-run] (WRITE): Create order. MARKET buy: use --amount (quote). MARKET sell / LIMIT: use --size (base). LIMIT: add --price
  • pionex-trade-cli orders get --symbol <s> --order-id <id> (READ): Get one order by ID
  • pionex-trade-cli orders open --symbol <s> (READ): List open orders for symbol
  • pionex-trade-cli orders all --symbol <s> [--limit <n>] (READ): Order history (filled/cancelled)
  • pionex-trade-cli orders fills --symbol <s> [--startTime] [--endTime] (READ): Fills (executed trades)
  • pionex-trade-cli orders fills_by_order_id --symbol <s> --order-id <id> (READ): Fills for one specific order
  • pionex-trade-cli orders cancel --symbol <s> --order-id <id> [--dry-run] (WRITE): Cancel one order
  • pionex-trade-cli orders cancel_all --symbol <s> [--dry-run] (WRITE): Cancel all open orders for symbol

Symbol info (min size, precision) before placing orders: use pionex-market: pionex-trade-cli market symbols --symbols BTC_USDT.


1. When to use this skill

Use pionex-trade when the user wants to:

  • Place a spot order (market or limit buy/sell).
  • Cancel an order or all orders for a symbol.
  • Query open orders, order history, or fills.

Do not use for: only checking prices or order book (use pionex-market); only checking balance (pionex-portfolio, or pionex-trade-cli account balance as part of a trade flow).


2. General rules

  1. Explicit parameters — Do not guess symbol, side, or size. If unclear, ask the user for: symbol (e.g. BTC_USDT), side (BUY/SELL), type (MARKET/LIMIT), and amount or size.
  2. Prefer dry-run then confirm — For any write (new order, cancel, cancel_all), run with --dry-run first when supported, show the user what would be done, then ask for confirmation before running without --dry-run.
  3. Do not increase risk without telling the user — No larger size, no extra orders, without explicit user agreement.
  4. On errors — Explain and suggest next steps (e.g. adjust size to min, or check balance).

3. Balance-aware order flow

When the user asks to buy with a quote amount (e.g. “buy BTC with 1000 USDT”):

  1. Check balance

    pionex-trade-cli account balance
    

    From the JSON result, read the available balance for the quote asset (e.g. USDT). There is no --asset flag; the command returns all currencies.

  2. Compare to requested amount

    • If available < requested: do not place the order. Tell the user the available balance and requested amount; suggest reducing amount or skipping.
    • If available ≥ requested: proceed with order flow (still prefer dry-run + user confirm).
  3. Example

    • User: “Buy BTC with 1000 USDT.”
    • Agent: run pionex-trade-cli account balance → if USDT available is 600, reply: “Your available USDT is 600, less than 1000. Should I place a market buy for 600 USDT instead? I’ll use --dry-run first.”
    • Only after the user confirms, run e.g. pionex-trade-cli orders new --symbol BTC_USDT --side BUY --type MARKET --amount 600 (optionally with --dry-run first, then without it once the user has confirmed).

4. Min size / “amount too small” errors

If the API returns an error about minimum order size or notional (e.g. minimum notional 10 USDT):

  1. Get symbol rules

    pionex-trade-cli market symbols --symbols BTC_USDT
    

    Use the result to see min size, min notional, step size.

  2. Suggest a valid size — Round to the required precision and ensure notional ≥ min notional. Explain to the user: original request, exchange minimum, and suggested size.

  3. Confirm then retry — After user agrees, place the order again (prefer --dry-run first).


5. Order commands (exact CLI)

  • Market buy (quote amount)
    pionex-trade-cli orders new --symbol BTC_USDT --side BUY --type MARKET --amount 100

  • Market sell (base quantity)
    pionex-trade-cli orders new --symbol BTC_USDT --side SELL --type MARKET --size 0.01

  • Limit order
    pionex-trade-cli orders new --symbol BTC_USDT --side BUY --type LIMIT --price 50000 --size 0.01

  • Cancel one
    pionex-trade-cli orders cancel --symbol BTC_USDT --order-id 123456

  • Cancel all for symbol
    pionex-trade-cli orders cancel_all --symbol BTC_USDT
    Before running, list what will be cancelled: pionex-trade-cli orders open --symbol BTC_USDT, then confirm with the user.


6. Cancel_all and batch actions

  • Always preview — Before pionex-trade-cli orders cancel_all --symbol <s>, run pionex-trade-cli orders open --symbol <s> and show the user how many orders and for which symbol.
  • Explicit confirmation — e.g. “This will cancel 3 open orders on BTC_USDT. Confirm?” Only then run without --dry-run if applicable.
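
The "dry-run then confirm" rule from the general rules and the cancel_all confirmation rule above can be enforced outside the agent with a small shell gate. This is an added example, not part of the skill or of pionex-trade-cli: `guarded_write`, `is_write_cmd` and the `PIONEX_CLI` variable are names introduced here, and it assumes `--dry-run` is accepted as the last argument, as shown in the command index.

```sh
#!/bin/sh
# Added example: human-confirmation gate for pionex-trade-cli write commands.
# PIONEX_CLI, is_write_cmd and guarded_write are names introduced here.
PIONEX_CLI="${PIONEX_CLI:-pionex-trade-cli}"

# Succeeds only for the WRITE rows of the command index.
is_write_cmd() {
  [ "$1" = "orders" ] || return 1
  case "$2" in
    new|cancel|cancel_all) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: guarded_write orders new --symbol BTC_USDT --side BUY --type MARKET --amount 100
# Exit codes: 0 executed live, 1 declined, 2 refused, 3 dry-run failed.
guarded_write() {
  if ! is_write_cmd "$1" "$2"; then
    echo "refused: '$1 $2' is not a known write command" >&2
    return 2
  fi
  # The gate alone decides dry-run vs live, so callers may not pass the flag.
  for gw_arg in "$@"; do
    if [ "$gw_arg" = "--dry-run" ]; then
      echo "refused: do not pass --dry-run, the gate adds it" >&2
      return 2
    fi
  done
  # Step 1: preview. stdin is detached so the CLI cannot eat the answer.
  if ! "$PIONEX_CLI" "$@" --dry-run </dev/null; then
    echo "dry-run failed, nothing executed" >&2
    return 3
  fi
  # Step 2: a person must type the exact word "yes" on stdin.
  printf 'Run live: %s %s\nType "yes" to confirm: ' "$PIONEX_CLI" "$*" >&2
  gw_answer=""
  IFS= read -r gw_answer || true
  if [ "$gw_answer" != "yes" ]; then
    echo "not confirmed, nothing executed" >&2
    return 1
  fi
  # Step 3: the same arguments, without --dry-run.
  "$PIONEX_CLI" "$@"
}
```

Source the file and route every write through `guarded_write`; read commands can still call the CLI directly.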

7. Summary

  • pionex-trade defines how to safely place and cancel spot orders using the pionex-trade-cli CLI.
  • Use pionex-trade-cli account balance to check funds; use pionex-trade-cli market symbols (pionex-market) to respect min size/notional.
  • Prefer --dry-run and user confirmation for writes. Never increase risk without the user’s explicit agreement.
