ClawHub

Miraix Binance Agent Firewall

Use this skill when the user wants to audit a Binance trading prompt, decide whether an AI trader should get Binance account permissions, return Pass/Warn/Bl...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 22 · 0 current installs · 0 all-time installs
by@richard7463
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md tells the agent to POST the trading prompt and optional symbols to Miraix endpoints to receive a safety verdict, guardrails, and a safe rewrite. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions are scoped to extracting the user's trading prompt/symbols and sending them to https://app.miraix.fun/api/binance-agent-firewall, then formatting the returned JSON. This is coherent, but it means user-supplied prompts (which might accidentally include secrets or private account details) are transmitted to a third party. The SKILL.md does explicitly state it uses Miraix public endpoints and not private Binance access.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and nothing is installed.
Credentials
The skill declares no environment variables, credentials, or config-path access. It does not request unrelated secrets or cloud credentials.
Persistence & Privilege
always:false and no install behavior. The included agents/openai.yaml sets allow_implicit_invocation: true, so the agent may invoke the skill implicitly; this is expected and not by itself a red flag, but it means prompts can be sent to the external endpoint without an explicit user-visible step if the agent chooses to use the skill.
Assessment
This skill is coherent and does what it says, but it sends whatever you give it (the trading prompt and symbols) to a third-party endpoint (app.miraix.fun). Do not paste private API keys, account passwords, or other secrets into the prompt. If you need to evaluate prompts that contain sensitive account details, redact or replace secrets before using this skill. Also be aware that the share-image endpoint encodes the payload in the URL, which can expose data in logs or browser histories—avoid including sensitive data there. If you want stronger privacy, request a local or self-hosted alternative or review Miraix's privacy/terms before sending production data.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97714qpp48sxsgsav9tfwdtnn831st7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Miraix Binance Agent Firewall

Use this skill to judge whether an AI trading prompt is safe enough to touch a Binance account. It is backed by Miraix public endpoints and Binance public market data.

Public endpoints:

  • Audit API: https://app.miraix.fun/api/binance-agent-firewall
  • Share image: https://app.miraix.fun/api/binance-agent-firewall/share-image

When to use it

  • The user pasted a Binance or crypto trading prompt and wants a safety audit.
  • The user asks whether an AI trader should get spot, futures, margin, transfer, or withdraw permissions.
  • The user wants guardrails, a permission plan, or a probation profile before enabling automation.
  • The user wants a safer rewrite of a risky trading prompt.
  • The user wants a share card, screenshot, or X post for the firewall result.

Workflow

  1. Extract the raw trading prompt from the request. If none is provided, ask for it.
  2. Extract Binance symbols if the user gives them. If they do not, send an empty list and let the API infer context from the prompt.
  3. Run:
curl -sS -X POST https://app.miraix.fun/api/binance-agent-firewall \
  -H 'Content-Type: application/json' \
  -d '{"prompt":"<raw-trading-prompt>","symbols":["<symbol-1>","<symbol-2>"]}'

  1. Base the answer on the returned JSON. The most important fields are:

    • status
    • safetyScore
    • verdict
    • summary
    • findings
    • guardrails
    • permissionPlan
    • probationProfile
    • safePrompt
    • shareText

  2. If the user wants the safest possible operating version, prefer safePrompt over inventing a new rewrite.

  3. If the user wants a share card, build a payload with:

    • status
    • safetyScore
    • verdict
    • summary
    • primaryFinding
    • primaryGuardrail
    • symbols
    • dimensions
    • generatedAt

    Then URL-encode the JSON and append it to:

https://app.miraix.fun/api/binance-agent-firewall/share-image?payload=<urlencoded-json>
  1. If the user wants a social post, start from shareText and adapt the tone instead of rewriting the whole result from scratch.

Output guidance

  • Lead with the verdict and safety score.
  • Then show the top findings and the recommended permission plan.
  • Then show the probation profile and the safe rewrite.
  • Do not claim private Binance account access. This skill uses Binance public market data plus Miraix scoring logic.
  • If futuresDataAvailable is false, say funding data was unavailable instead of making it up.
  • If the API fails, surface the error clearly and suggest retrying with a cleaner prompt or a tighter symbol list.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…