ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto Arbitrage Monitor

v1.0.0

加密货币跨交易所套利监控器 - 实时监控BTC/ETH/SOL等主流币种在不同交易所的价差,发现套利机会并发送飞书/Telegram预警。支持自动计算手续费后净利润。

0· 141·0 current·0 all-time
by@oceanking57

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for oceanking57/crypto-arb-monitor.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Crypto Arbitrage Monitor" (oceanking57/crypto-arb-monitor) from ClawHub.
Skill page: https://clawhub.ai/oceanking57/crypto-arb-monitor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install crypto-arb-monitor

ClawHub CLI

Package manager switcher

npx clawhub@latest install crypto-arb-monitor
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code uses ccxt to fetch tickers and requests to post Feishu/Telegram alerts, which matches the stated purpose. Nothing in the code requires unrelated cloud credentials. Minor mismatches: SKILL.md / README mention additional files (config.py, alerts.py) and more exchanges than the included Config, but the single monitor.py implements the functionality.
!
Instruction Scope
SKILL.md instructs installing python-dotenv and shows a config.py-based workflow, but the shipped package contains no config.py or alerts.py — Config is embedded in monitor.py. The docs encourage pasting webhook/bot tokens into a file (monitor.py or config), which risks secret leakage (e.g., accidental commits). The instructions do not ask to read unrelated files or system secrets, but the mismatch between docs and code is confusing and unsafe in practice.
Install Mechanism
No install spec is provided (instruction-only), and dependencies are standard PyPI packages (ccxt, requests, python-dotenv). This is typical and low-risk, but SKILL.md/README recommend installing python-dotenv even though the provided monitor.py does not use dotenv; this inconsistency should be clarified.
Credentials
No environment variables or external credentials are declared by the registry metadata. The tool requires webhook URLs and Telegram bot token/chat_id to send alerts, which is proportional to its purpose. However, the code/documentation encourage placing these secrets directly in source/config files instead of using secure env vars or secret stores, increasing risk of accidental exfiltration or repository leakage.
Persistence & Privilege
The skill does not request elevated privileges or persistent platform-wide presence (always:false). It writes a local log file ('arb_monitor.log') and runs continuously if invoked; this is consistent with a monitoring tool and not excessive.
What to consider before installing
This skill appears to implement cross‑exchange price monitoring and alerting as claimed, but there are several red flags to address before running it with real credentials: - Documentation/code mismatch: SKILL.md and README reference files (config.py, alerts.py) and use of dotenv that are not present; the shipped monitor.py embeds Config. Review the full monitor.py to confirm what it does (the provided snippet was truncated here). - Secret handling: The instructions lead you to paste Feishu webhook and Telegram bot token/chat_id into the config/source file. Do NOT commit secrets to source control. Prefer environment variables or a secrets manager and avoid plain-text credentials in files. - Network behavior: The program makes outbound calls to exchange public APIs (via ccxt) and to Feishu/Telegram endpoints — this is expected, but verify the webhook URLs you provide and use test/dummy webhooks first. - Logging: The script writes arb_monitor.log in the working directory; logs may contain sensitive timestamps/prices — store logs securely or rotate them. - Dependency trust: It uses common PyPI packages (ccxt, requests). Install from PyPI only and consider pinning versions. - Operational risks: The tool is monitoring-only (no trading). Do not assume it will execute trades. Be aware of race/latency and execution risks described in the README. Actions before installing: inspect the complete monitor.py source (ensure there is no hidden exfiltration or obfuscated code), clarify where/how to store secrets safely, run first with dummy webhooks, and run in an isolated environment (container/VM) if you plan to add real credentials. If you want, I can list specific lines to inspect or suggest a safer config pattern using environment variables.

Like a lobster shell, security has layers — review code before you run it.

latestvk973m51jsg6cwzpmrztrmme95583avq0
141downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@oceanking57
latest
Download

Crypto Arbitrage Monitor 🔍💰

跨交易所加密货币套利机会监控器

实时监控主流加密货币在不同交易所之间的价格差异,发现套利机会并推送预警。

功能特性

  • ✅ 支持 Binance / OKX / Bybit / Huobi 等主流交易所
  • ✅ 监控 BTC / ETH / SOL / XRP / DOGE 等热门币种
  • ✅ 自动计算扣除手续费后的净利润
  • ✅ 飞书/Telegram实时预警推送
  • ✅ 可配置价差阈值和监控频率
  • ✅ 历史套利机会记录和统计

快速开始

1. 安装依赖

pip install ccxt requests python-dotenv

2. 配置

# config.py
CONFIG = {
    "exchanges": ["binance", "okx", "bybit"],
    "symbols": ["BTC/USDT", "ETH/USDT", "SOL/USDT", "XRP/USDT", "DOGE/USDT"],
    "min_spread_percent": 0.5,  # 最小价差百分比(扣除手续费后)
    "trading_fee_percent": 0.1,  # 单边手续费百分比
    "check_interval_seconds": 60,  # 检查间隔
    "alert_channels": {
        "feishu_webhook": "",  # 飞书机器人webhook地址
        "telegram_bot_token": "",  # Telegram Bot Token
        "telegram_chat_id": "",  # Telegram Chat ID
    }
}

3. 运行

python monitor.py

使用场景

场景说明
手动套利发现价差后手动在两个交易所分别买卖
网格交易辅助配合网格策略,在价差扩大时增加仓位
市场监控了解不同交易所的流动性差异
量化策略输入将价差数据作为量化交易信号

套利计算公式

净利润 = (高价交易所卖出价 - 低价交易所买入价) / 低价交易所买入价 × 100% - 2 × 手续费%

只有当净利润 > 阈值时才触发预警。

风险提示

  • ⚠️ 价差可能在执行过程中消失(执行风险)
  • ⚠️ 需要两个交易所都有资金(资金效率)
  • ⚠️ 提币/转账需要时间(时间风险)
  • ⚠️ 交易所可能有提币限制(流动性风险)
  • ⚠️ 本工具仅供监控参考,不构成投资建议

文件结构

crypto-arb-monitor/
├── SKILL.md          # 技能说明
├── monitor.py        # 主监控脚本
├── config.py         # 配置文件
├── alerts.py         # 预警推送模块
├── requirements.txt  # Python依赖
└── README.md         # 使用说明

版本历史

  • v1.0.0 (2026-03-21): 初始版本,支持多交易所价差监控

Comments

Loading comments...