ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Trading

Automatically executes trading decisions every 10 minutes using dual AI analysis, technical indicators, and strict risk and position management rules for BTC...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 449 · 6 current installs · 6 all-time installs
by@WuZiMaKi
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The description promises automated trading and market order execution, but the skill declares no exchange integration, no API keys, and no code files. A legitimate trading skill would normally require exchange API credentials and concrete connector code. The SKILL.md lists many project .py files yet none are provided in the package.
!
Instruction Scope
Runtime instructions tell the agent to fetch market data, call Dify AI and OpenClaw, compute orders (order_amount.py), execute market orders, and write logs to specific user paths (/Users/...). These instructions reference local project files and user home paths that are not part of the skill and do not declare the external endpoints, credentials, or scheduling mechanism. The guidance is both vague (no API endpoints or auth) and expansive (filesystem writes, executing trades).
Install Mechanism
There is no install spec (instruction-only), which is low risk in isolation. However, because SKILL.md expects local project files and executables, the lack of an install or bundled code makes the skill incomplete and increases the chance that an agent will attempt unsafe actions (searching for files, invoking local scripts) to satisfy the instructions.
!
Credentials
The skill declares no required environment variables or primary credential, yet its operation would reasonably require sensitive secrets (exchange API keys/secret, API keys for Dify/OpenClaw/qwen). The absence of declared credentials is a mismatch — either the skill omitted required sensitive inputs, or it expects to read unspecified local credentials/configs (the SKILL.md references user config paths). Both are disproportionate and unexplained.
Persistence & Privilege
always:false (not force-included) and autonomous invocation enabled (default). Autonomous invocation plus the ability to execute trades would increase blast radius if the skill were given credentials, but autonomous invocation alone is normal. Still, combining autonomous operation with the trading actions described would be high-risk — confirm explicit user consent and credential scoping before use.
What to consider before installing
Do not install or grant credentials yet. This skill is incomplete and inconsistent: it references local Python files and user directories that are not provided, and it describes executing live market orders while declaring no exchange/API credentials or endpoints. Before proceeding, ask the author to: (1) provide the missing code or a clear install procedure, (2) list exactly which exchange(s) are supported and how API keys should be supplied and scoped, (3) show how Dify/OpenClaw are called (endpoints, required keys), (4) remove or explain hard-coded local file paths and confirm where logs and state will be stored, (5) provide a way to run in read-only/simulated mode for testing, and (6) supply a security review or provenance for the code. If you must test, do so only in a tightly sandboxed environment with no real exchange credentials (use paper/simulated accounts) and only after reviewing the actual code that will be executed.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97179cnpwb1sep1tg7nep9va1826ag6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

CryptoTrading AI 交易代理技能

PAI CryptoTrading 项目的核心交易决策技能 @version 1.0.0

🎯 目标

  • 每 10 分钟自动执行交易决策循环
  • 整合 Dify AI + OpenClaw 双分析
  • 应用经验规则 (R001-R006) 验证决策
  • 自动记录决策和交易结果

📋 核心流程

1. 行情获取 (Data Collection)

- 获取 BTC/ETH/BNB 1h K 线数据
- 获取订单簿深度数据
- 计算技术指标:RSI, MACD, 布林带
- 获取账户持仓和余额

2. AI 决策 (AI Decision)

- 调用 Dify AI 获取市场分析
- 调用 OpenClaw (qwen3.5-plus) 获取独立分析
- 对比两种分析结果
- 生成最终决策:BUY/SELL/HOLD

3. 规则验证 (Rule Validation)

R001: 4h 趋势过滤 - 1h 信号必须与 4h 同向
R002: 置信度校准 - 单一指标上限 0.55
R003: 交易频率控制 - 单币种每日≤3 笔
R004: 止损纪律 - 5% 止损,盈利 10% 移动止损
R005: 仓位管理 - 单币种≤25%,默认 10%
R006: 聚焦主流币 - BTC/ETH/BNB

4. 交易执行 (Trade Execution)

- 计算交易数量 (使用 order_amount.py)
- 执行市价单
- 记录执行结果
- 更新持仓状态

5. 记忆记录 (Memory Logging)

- 保存决策到 memory/trading/YYYY-MM-DD.md
- 更新 memory/crypto_trading_state.json
- 双分析对比落库 (ai_analysis_comparison 表)

🔧 工具

  • core/data_collector.py - 行情数据收集
  • core/autonomous_ai.py - AI 决策引擎
  • core/enhanced_trade_executor.py - 交易执行器
  • core/risk_manager.py - 风险管理
  • core/experience_analyzer.py - 经验分析器
  • validate_ct_execution.py - 执行验证脚本

📊 成功标准

  • ✅ 每 10 分钟完成一次决策循环
  • ✅ 双分析对比落库成功
  • ✅ 交易执行准确率 > 95%
  • ✅ 止损执行率 100%

🔄 改进记录

日期改进内容
2026-03-03修复 position_size 计算错误
2026-03-03添加 OpenClaw 双分析对比
2026-03-02实现经验规则 R001-R006

📁 相关文件

  • /Users/zst/Documents/ML/CryptoTrading/ - 主项目目录
  • /Users/zst/clawd/memory/trading/ - 交易日志
  • /Users/zst/clawd/memory/trading_rules.md - 规则库
  • /Users/zst/clawd/memory/trading_mistakes.md - 错误清单

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…