ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Matic Trades

v1.0.0

Matic Trades API — AI toolbox (AI_PICK), Twelve Data (SMART_SEARCH), autonomous charting. Use for stocks, crypto, indicators, charts, news, sentiment. Trigge...

0· 103·0 current·0 all-time
by@ortmind

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ortmind/matic-trades.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Matic Trades" (ortmind/matic-trades) from ClawHub.
Skill page: https://clawhub.ai/ortmind/matic-trades
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install matic-trades

ClawHub CLI

Package manager switcher

npx clawhub@latest install matic-trades
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, README, SKILL.md, and the CLI all consistently describe a trading / charting client for Matic Trades (toolbox AI_PICK, SMART_SEARCH, chart agent). Requiring a MATIC_API_KEY (or alias) is expected. However the registry metadata lists 'Required env vars: none' while SKILL.md and scripts require a key — this mismatch is an incoherence in the packaging/manifest.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python CLI with the user's natural-language prompt only, to parse returned JSON, and to only target MATIC_TRADES_API_BASE paths. The bundled script only reads the API key and optional base URL, posts to the documented endpoints, and prints JSON or error messages. There are no instructions to read unrelated files, other env vars, or to send data to third-party hosts.
Install Mechanism
This is an instruction-only skill with a small included Python script using only stdlib urllib; there is no installer, no downloads, and nothing writes arbitrary code to disk. Low install risk.
!
Credentials
The runtime requires a bearer API key (MATIC_API_KEY or MATIC_TRADES_API_KEY) and optionally MATIC_TRADES_API_BASE — those are proportionate for a hosted API client. The concern is the manifest/registry metadata incorrectly advertises 'no required env vars', which could mislead users/tools about secrets required and where to provide them. Confirm the registry entry before trusting automated installers or permission checks.
Persistence & Privilege
No 'always: true', no install hooks, and the skill does not modify other skills or system settings. Default autonomous invocation is allowed (platform default) but that is not combined here with broad privileges or extra credentials.
What to consider before installing
This skill's code and instructions look consistent with a trading API client and legitimately require a single API key. Before installing: (1) verify and correct the registry metadata so it declares MATIC_API_KEY (or MATIC_TRADES_API_KEY) as required—don't rely on the registry claim of 'no env vars'; (2) ensure any API key you provide has limited scope and can be revoked (use a dedicated key for this skill); (3) confirm the default base URL (https://api.matictrades.com/api/v1) is the official endpoint you expect; (4) test the skill with a non-production key or limited account to observe behavior; (5) if you use automated deployment tools, make sure they surface the required env var so you don't accidentally expose the key. If you need higher assurance, ask the publisher to update the manifest/registry entry and provide a signed/reputable source or homepage.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📈 Clawdis
latestvk979h3jmv6wtecgacb87f5qafs83c108
103downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@ortmind
latest
Download

Matic Trades

This skill tells you how to call Matic Trades from OpenClaw using the bundled script. Keep instructions short: run the script, pass the user’s words as --prompt, return a clear summary (and image URLs when present).

How OpenClaw uses this

  • Skills are markdown + optional files; the model follows this file when the task matches the description.
  • Prefer python3 "{baseDir}/scripts/matic.py" … so requests stay consistent with the real API (no hand-rolled JSON in chat).
  • After the script prints JSON, summarize for the user; don’t dump raw JSON unless they ask.

Docs: OpenClaw — Creating skills, Skills loading.

Config

VariableRequiredPurpose
MATIC_API_KEYYesBearer token (same as dashboard API key). Alias: MATIC_TRADES_API_KEY.
MATIC_TRADES_API_BASENoDefault https://api.matictrades.com/api/v1 (no trailing slash). Override if your deployment uses another host.

Never print or log the API key.

1) Toolbox — AI_PICK (default for “use Matic tools”)

What the API does: POST /toolbox/execute with mode: AI_PICK. The server uses the prompt alone to decide which tools to run (e.g. chart_analysis, market_news, social_search), then executes them. context is not required and is not what drives tool selection in normal use—put everything important in the prompt (tickers, timeframe, what they want).

Minimal request body (this is correct):

{ "mode": "AI_PICK", "prompt": "User’s full request in natural language" }

Run:

python3 "{baseDir}/scripts/matic.py" toolbox --prompt "USER_TEXT_HERE"

Examples (prompt-only):

  • toolbox --prompt "Unusual options activity and any relevant news today"
  • toolbox --prompt "Chart and sentiment for NVDA — focus on near-term levels"
  • toolbox --prompt "Crypto whale moves and what people are saying on social"

Do not require or invent a context object for AI_PICK unless you are implementing a documented advanced API feature (e.g. custom_handlers from Matic’s API docs). For ClawHub users, prompt-only is the supported path.

2) Data — SMART_SEARCH (Twelve Data via natural language)

What the API does: POST /data/execute with mode: SMART_SEARCH. The server maps the prompt to an allowed Twelve Data endpoint and parameters.

Run:

python3 "{baseDir}/scripts/matic.py" data --prompt "USER_TEXT_HERE"

Optional hints only if the user gave them: --symbol AAPL, --interval 1day. The API still centers on prompt for SMART_SEARCH.

3) Agent charting — autonomous charts + analysis

What the API does: POST /agent/chart/autonomous — multi-step chart agent; can return image URLs or base64 in snapshots.

Run:

python3 "{baseDir}/scripts/matic.py" chart --prompt "USER_TEXT_HERE" --images url

Use --images url when the client can open links; b64 or both if the UI supports inline images.

Optional: --max-actions N, --model MODEL (see references/api.md).

Which command when?

User goalCommand
Broad research, multiple possible tools, news/social/chart mixtoolbox (AI_PICK, prompt only)
“Get RSI / price / indicator / series for …” in plain Englishdata (SMART_SEARCH)
“Walk through charts”, “show me the chart”, visual narrativechart

Chaining: Only if it clearly helps—e.g. data for numbers, then toolbox for synthesis, or chart for visuals. Avoid redundant double calls.

Response handling

  • Parse JSON stdout; explain tool_runs / analysis / data in plain language.
  • If snapshots.pre_url, snapshots.post_url, or URLs appear in outputs, give the user those links.

Errors

  • 401 — Missing/wrong MATIC_API_KEY.
  • 429 — Rate limit; slow down or check plan.
  • Quota / billing messages — Point to Matic dashboard.

Files

  • references/api.md — request/response shapes.
  • README.md — install, ClawHub upload, env setup.

Scope

Only call matic.py with user-supplied prompt text (sanitized for shell if needed). HTTP targets only MATIC_TRADES_API_BASE paths used by this script. No arbitrary curl to other hosts with user data.

Comments

Loading comments...