ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aion Skill Builder

v1.0.0

Build and publish AION trading skills using natural language. Generates complete, ready-to-run skill templates from plain English strategy descriptions.

0· 52·0 current·0 all-time
by@ssj124

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ssj124/aion-skill-builder.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Aion Skill Builder" (ssj124/aion-skill-builder) from ClawHub.
Skill page: https://clawhub.ai/ssj124/aion-skill-builder
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install aion-skill-builder

ClawHub CLI

Package manager switcher

npx clawhub@latest install aion-skill-builder
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The tool's stated purpose is to generate AION skill templates — that legitimately requires an LLM to synthesize code and may produce config templates referencing AION. However, the package metadata and included files are inconsistent: the top-level registry metadata lists no required env vars, SKILL.md documents only AION_API_KEY and WALLET_PRIVATE_KEY, while the shipped clawhub.json (root) requires OPENAI_API_KEY and AION_API_KEY. build_skill.py only uses OPENAI_API_KEY at runtime (to call OpenAI) and does not itself require an AION_API_KEY, so requiring AION_API_KEY at install time is disproportionate and unexplained.
!
Instruction Scope
SKILL.md and user-facing docs omit a crucial runtime behavior: build_skill.py sends the user's strategy text and prompts to OpenAI (gpt-4). That means user-provided strategy descriptions (intellectual property or secrets) will be transmitted to an external LLM endpoint. The script also auto-generates clawhub.json that configures generated skills to run on a schedule (*/15) and to be managed/automated — the SKILL.md does not clearly highlight that generated skills will default to autonomous operation.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction + a local Python script. Nothing is fetched from arbitrary URLs during install. This is the lower-risk install pattern.
!
Credentials
There are multiple, conflicting environment requirements: build_skill.py reads OPENAI_API_KEY (required for its LLM calls) but SKILL.md fails to document this. The root clawhub.json requires both OPENAI_API_KEY and AION_API_KEY even though the builder doesn't use AION_API_KEY itself. WALLET_PRIVATE_KEY is optional (reasonable for signing trades), but asking for any private key should be treated as sensitive. Also, clawhub output in create_skill_folder includes an AION API URL pointing at https://pm-t1.bxingupdate.com/agents — that domain is unusual and not documented elsewhere, which is a red flag to verify.
Persistence & Privilege
The skill itself does not request 'always: true' or other elevated platform privileges. However, the templates it generates (create_skill_folder) produce a clawhub.json that marks generated skills as managed and scheduled (cron */15) with an automated entrypoint. That means any generated trading skill could be configured to run autonomously on a schedule and perform actions (including trades) if credentials are provided — users must review generated configs before publishing or running them with real keys.
What to consider before installing
Before installing or running this skill: 1) Assume any strategy text you type will be sent to OpenAI (build_skill.py calls the OpenAI API). Don’t paste private strategy IP or secrets. 2) The packaged manifests are inconsistent — OPENAI_API_KEY is actually required at runtime; AION_API_KEY is listed in manifests but not used by the builder. Verify and correct env requirements before giving credentials. 3) Never paste your WALLET_PRIVATE_KEY into the builder; generate and test with dry-run mode only. 4) Inspect generated files (skill.py, SKILL.md, clawhub.json) before running or publishing — ensure the automaton/cron settings are appropriate and change managed:true if you don’t want autonomous runs. 5) Verify the AION API endpoint strings (the package references https://pm-t1.bxingupdate.com/agents) — confirm these are legitimate official endpoints before using real keys. 6) If you accidentally exposed keys, rotate them. 7) If you want to proceed, provide only the minimum credentials needed (prefer OPENAI_API_KEY for generation and avoid giving wallet private keys), run generated skills in dry-run locally, and review all generated code for unintended behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk977w4ms06ahnecr04brrwyt9585hx3j
52downloads
0stars
1versions
Updated 3d ago
v1.0.0
MIT-0
@ssj124
latest
Download

AION Skill Builder

The AION Skill Builder is an interactive tool that generates complete, production-ready trading skills from natural language descriptions. Just describe what your strategy does, and the builder generates:

  • ✅ Complete skill folder structure
  • ✅ SKILL.md with proper metadata
  • ✅ clawhub.json with environment config
  • ✅ Python script with best practices
  • ✅ Ready to publish to ClawHub

Usage

clawhub install aion-skill-builder

Then run in your agent:

"Build me a skill that trades prediction markets using weather data"

The builder will:

  1. Ask clarifying questions about your strategy
  2. Generate a complete skill folder
  3. Create the skill with proper AION SDK integration
  4. Ready for clawhub publish

What the builder creates

Your generated skill includes:

  • SKILL.md - AgentSkills-compliant metadata and documentation
  • clawhub.json - ClawHub configuration with the right environment variables
  • skill_script.py - Main trading logic using AionClient with:
    • Proper API key management
    • Market context checking
    • Position tracking
    • Error handling
    • Dry-run by default

Key features

  • Template generation - Creates remixable templates, not hardcoded strategies
  • Environment variables - Automatically declares required and optional credentials
  • Best practices - Enforces hard rules from AION SDK documentation
  • Remix-first design - Generated skills are meant to be customized by users

Next steps

After generation:

  1. Customize the signal - Modify the trading logic in the generated script
  2. Test locally - Run with --dry-run to verify behavior
  3. Publish - Use clawhub publish . --slug your-skill-slug --version 1.0.0
  4. Share - Your skill appears in the AION registry within 6 hours

Environment variables

The builder automatically configures:

VariableRequiredPurpose
AION_API_KEYYesAPI access to AION trading APIs
WALLET_PRIVATE_KEYNoOnly for self-custody wallets

Learn more

See Building Skills for detailed documentation on:

  • Manual skill creation
  • AION SDK patterns
  • Publishing and distribution
  • Naming conventions

Comments

Loading comments...