Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Okx Trading Analyst

v1.0.0

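OKX cryptocurrency technical analysis tool: uses the OKX API to fetch real-time market data, compute technical indicators (MA, MACD, RSI, Bollinger Bands, etc.) and generate trading signals. This skill is triggered when the user needs cryptocurrency market analysis, technical indicator calculation, or trading signals.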

by Yirong @erongcao

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for erongcao/erong-okx-trading-analyst.

Install the skill "Okx Trading Analyst" (erongcao/erong-okx-trading-analyst) from ClawHub.
Skill page: https://clawhub.ai/erongcao/erong-okx-trading-analyst
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install erong-okx-trading-analyst

ClawHub CLI

npx clawhub@latest install erong-okx-trading-analyst

Security Scan

Capability signals: Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The name/description say the skill uses OKX to fetch market data and compute indicators, which matches the code. However the published registry metadata declares no required environment variables or primary credential, while the SKILL.md and scripts clearly expect OKX API key/secret. That mismatch between declared requirements and actual code is incoherent and could mislead users.
! Instruction Scope
SKILL.md instructs creating a .env with OKX API credentials and running scripts, which aligns with functionality. But runtime behavior goes beyond the README in two ways: (1) quick_check.py persists state under ~/.openclaw/skills/okx-trading-analyst/data/last_state.json (not documented in SKILL.md's file-structure section), and (2) okx_analyst.py defines an NS3 news API base URL (https://api.ns3.ai/feed) not mentioned in the README — the code may call additional external endpoints beyond OKX.
Install Mechanism
No install spec is provided (instruction-only install), and SKILL.md lists simple pip dependencies (requests, pandas, numpy) which matches the Python code. analyze.js uses child_process.execSync to invoke the Python script — expected for a small CLI wrapper. No remote download/extraction behavior was found.
! Credentials
The skill requires OKX API_KEY and API_SECRET according to SKILL.md and the scripts, which is proportionate for fetching authenticated market endpoints. However the registry metadata incorrectly lists no required env vars. Also the code demands an API_SECRET (sensitive) even though the README says only read permissions are needed; a user should only supply keys with read-only scope and IP restrictions. The secret is requested but not declared in metadata — a transparency issue.
Persistence & Privilege
always:false and the skill is user-invocable (normal). The quick_check script persists state to a file under the user's home (~/.openclaw/skills/okx-trading-analyst/data/last_state.json). This is limited-scope persistence but it is not documented in the metadata and creates files in the user's profile, so users should be aware of this local state storage.
What to consider before installing
This skill mostly does what it says (fetch OKX candles and compute indicators), but several inconsistencies deserve caution:
- Metadata vs reality: The registry lists no required env vars, but both SKILL.md and the code require OKX_API_KEY and OKX_API_SECRET. Do not assume a skill needs no secrets when its files ask for them.
- Secrets handling: The code asks for your API_SECRET. Provide only read-only API keys with the minimum scope and, if possible, restrict them by IP/whitelist and rotate them after use. Never reuse high-privilege keys.
- Undeclared external endpoint: okx_analyst.py defines NS3_BASE (https://api.ns3.ai/feed) which is not mentioned in the README — review the full script to see if it sends any of your data to that service. If you cannot audit the code end-to-end, avoid providing credentials.
- Local persistence: quick_check.py writes state to ~/.openclaw/skills/okx-trading-analyst/data/last_state.json. Expect local files to be created; inspect contents if you are concerned about what is stored.
- Origin and trust: Source/homepage are unknown. Prefer skills from known authors or with a public repo you can audit.

If you decide to install:
- Inspect okx_analyst.py and quick_check.py fully (search for network calls, POST requests, or unexpected data uploads).
- Run in a sandboxed environment or VM first.
- Use read-only OKX keys with minimal privileges and rotate them after testing.
- If you don't want any secrets on disk, avoid creating the .env and use mocked/local data instead.

If you want, I can scan the remainder of okx_analyst.py (the truncated portion) for uses of NS3_BASE or any other outbound POST/PUT/requests that might transmit data beyond OKX.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/analyze.js:51: Shell command execution detected (child_process).
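
The manual review the scan recommends (undeclared environment variables, extra outbound hosts, files written under the home directory) can be done as a static pass with Python's `ast` module. This is an added example, not code from the skill or from ClawHub's scanner: `SAMPLE_SCRIPT` is a constructed stand-in built from the identifiers the scan names, and `audit_source` and the `www.okx.com` allowlist are assumptions.

```python
import ast
from urllib.parse import urlparse

# Constructed stand-in for a skill script; NOT the real okx_analyst.py.
SAMPLE_SCRIPT = '''
import os, json, requests
OKX_BASE = "https://www.okx.com/api/v5"
NS3_BASE = "https://api.ns3.ai/feed"
API_KEY = os.getenv("OKX_API_KEY")
API_SECRET = os.environ["OKX_API_SECRET"]
STATE = os.path.expanduser("~/.openclaw/skills/okx-trading-analyst/data/last_state.json")
def save(state):
    with open(STATE, "w") as fh:
        json.dump(state, fh)
'''

def audit_source(source, declared_env=(), allowed_hosts=("www.okx.com",)):
    """Statically list env vars read, URL hosts and home-dir paths in one script."""
    env, hosts, home_paths = set(), set(), set()
    for node in ast.walk(ast.parse(source)):
        # String literals: URLs and paths under the user's home directory.
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value
            if text.startswith(("http://", "https://")):
                hosts.add(urlparse(text).hostname)
            elif text.startswith("~"):
                home_paths.add(text)
        # os.getenv("X") and os.environ.get("X")
        elif isinstance(node, ast.Call) and node.args:
            if ast.unparse(node.func) in ("os.getenv", "os.environ.get"):
                if isinstance(node.args[0], ast.Constant):
                    env.add(node.args[0].value)
        # os.environ["X"]
        elif isinstance(node, ast.Subscript) and ast.unparse(node.value) == "os.environ":
            if isinstance(node.slice, ast.Constant):
                env.add(node.slice.value)
    return {
        "undeclared_env": sorted(env - set(declared_env)),
        "unexpected_hosts": sorted(h for h in hosts if h and h not in allowed_hosts),
        "home_paths": sorted(home_paths),
    }

# The registry metadata declares no env vars, so declared_env stays empty.
REPORT = audit_source(SAMPLE_SCRIPT)
```

The code is parsed, never executed, so it is safe to run over an untrusted script before any credentials exist; it needs Python 3.9+ for `ast.unparse` and only sees literal strings, so URLs assembled at runtime still require reading the code.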

Like a lobster shell, security has layers — review code before you run it.

latest: vk97bhwjwzqgnn0frjqpe9rekrh84g50p
76 downloads
0 stars
1 version
Updated 2w ago
v1.0.0
MIT-0

OKX Trading Analyst

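Cryptocurrency technical analysis and trading-signal generation using the OKX API.

API Configuration

You need to apply for an API Key on the OKX exchange (read permission is sufficient), then create a .env file in the project root directory: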

OKX_API_KEY=your-api-key-here
OKX_API_SECRET=your-api-secret-here

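OKX public endpoints are free to use and do not require signed authentication; only an API Key is needed.

Permission requirements: only market-data read permission is needed; do not grant trading permission.

Features

  • Real-time data: fetch OKX candlestick (K-line) data and the latest quotes
  • Technical indicators: MA, MACD, RSI, Bollinger Bands, ATR
  • Trading signals: a composite scoring system that generates buy/sell suggestions
  • Multiple timeframes: supports 1m/5m/15m/30m/1H/4H/1D and others

Usage

Command line

# Analyze BTC on the 4-hour timeframe
python3 scripts/okx_analyst.py BTC-USDT

# Analyze ETH on the 1-hour timeframe
python3 scripts/okx_analyst.py ETH-USDT --timeframe 1H

# Output only the trading signal
python3 scripts/okx_analyst.py BTC-USDT --signal-only

Calling from Python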

from scripts.okx_analyst import OKXAnalyzer

analyzer = OKXAnalyzer()

# Fetch data and analyze
df = analyzer.get_klines("BTC-USDT", bar="4H", limit=200)
df = analyzer.calculate_indicators(df)
signals = analyzer.generate_signals(df)

print(f"信号: {signals['recommendation']['signal']}")
print(f"强度: {signals['strength']}/+10")

Sample output

============================================================
📊 BTC-USDT 技术分析报告 (4H周期)
============================================================

【价格信息】
当前价格: $67,423.50

【交易信号】
🟢 温和看涨 (强度: +3/+10)
建议操作: 轻仓试多
止损: $65,423 (-3%)
目标: $70,795 (+5%)

信号详情:
✅ [趋势] MA20 > MA60,中长期趋势向上
✅ [趋势] 价格站上MA20短期均线
✅ [动量] MACD金叉,动量转强
ℹ️ [动量] RSI中性 (58.32)
============================================================

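Signal reference

Strength        Signal                 Suggestion
+5 and above    🟢 Strongly bullish    Buy on dips
+2 to +4        🟡 Mildly bullish      Open a light long position
-1 to +1        ⚪ Neutral             Stay on the sidelines
-2 to -4        🟠 Mildly bearish      Open a light short position
-5 and below    🔴 Strongly bearish    Short on rallies

Risk warning

⚠️ Technical analysis is for reference only and does not constitute investment advice. The cryptocurrency market is highly volatile; always set strict stop-losses.

Dependencies

pip install requests pandas numpy

File structure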

okx-trading-analyst/
├── SKILL.md
└── scripts/
    └── okx_analyst.py
