ClawHub

Trading Bot Fleet Management: Unified Control for Multi-Bot Operations

v1.3.1

Trading Bot Fleet Management: Unified Control for Multi-Bot Operations. Build a fleet management layer for 10+ trading bots with per-bot identity isolation,...

0· 89·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description describe fleet management and the SKILL.md contains architecture guidance and runnable examples for GreenHelix; requiring an AGENT_SIGNING_KEY for per-bot identity/signing is plausible. Minor mismatch: this is an instruction-only guide (no code executed by the skill), so declaring a required primary credential is more of a usage note than an operational necessity — but it is consistent with the guide's examples that show signing requests.
Instruction Scope
The SKILL.md states it is educational and does not execute code or install dependencies and uses the GreenHelix sandbox. The instructions focus on identity, permissions, monitoring, deployments and include example Python and curl snippets. There are no indications the guide instructs reading unrelated system files or exfiltrating unrelated secrets.
Install Mechanism
No install spec and no code files — instruction-only content. This minimizes install-time risk (nothing will be downloaded or written by an installer).
Credentials
Only AGENT_SIGNING_KEY is declared as required. That is a sensitive secret but is directly relevant to the guide's focus on per-bot cryptographic identities and request signing. Users should ensure the key provided is principle-of-least-privilege (scoped) and not a high-privilege production master key.
Persistence & Privilege
always is false, the skill is user-invocable and may be invoked autonomously by the agent (platform default). The skill does not request persistent installation nor modify other skills or system-wide settings.
Scan Findings in Context
[NO_CODE_FILES] expected: The regex scanner had no code to analyze because this is an instruction-only SKILL.md. That is expected for a guide; absence of findings does not guarantee safety of code examples — review examples before running.
Assessment
This skill is an educational guide and appears consistent with its stated purpose, but the AGENT_SIGNING_KEY it requests is a sensitive secret. Before using: (1) do not paste or store production master keys in the skill environment—use sandbox or scoped signing keys; (2) review the full Python and curl examples locally before running them; (3) prefer generating per-bot keys with least privilege and test in the GreenHelix sandbox URL the guide references; (4) be aware that the agent may invoke the skill autonomously (platform default) — avoid granting the skill any real, wide-scope credentials unless you understand and accept the risk.

Like a lobster shell, security has layers — review code before you run it.

ai-agentvk97db5ttm0qkbww1vcwdf6av3d84xfebfleet-managementvk97db5ttm0qkbww1vcwdf6av3d84xfebgreenhelixvk97db5ttm0qkbww1vcwdf6av3d84xfebguidevk97db5ttm0qkbww1vcwdf6av3d84xfebidentityvk97db5ttm0qkbww1vcwdf6av3d84xfeblatestvk97db5ttm0qkbww1vcwdf6av3d84xfebmonitoringvk97db5ttm0qkbww1vcwdf6av3d84xfebopenclawvk97db5ttm0qkbww1vcwdf6av3d84xfebtrading-botvk97db5ttm0qkbww1vcwdf6av3d84xfeb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAGENT_SIGNING_KEY
Primary envAGENT_SIGNING_KEY

Comments