ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Okx Strategy Factory

v2.0.1

Agent Team 工厂:协调 5 个 AI Agent(Strategy/Backtest/Infra/Publish/Iteration)完成 OKX OnchainOS 链上交易策略的全生命周期——开发、回测、部署、发布、迭代。支持多策略并行,每个策略独立状态管理。触发词:策略开发、agent team、...

0· 211·0 current·0 all-time
by@synththoughts

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for synththoughts/okx-strategy-factory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Okx Strategy Factory" (synththoughts/okx-strategy-factory) from ClawHub.
Skill page: https://clawhub.ai/synththoughts/okx-strategy-factory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install okx-strategy-factory

ClawHub CLI

Package manager switcher

npx clawhub@latest install okx-strategy-factory
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (develop/backtest/deploy/publish on OKX OnchainOS) legitimately requires onchainos CLI, OKX API credentials, an agent wallet and deploy tooling (SSH/pm2). However the registry metadata lists no required env vars or binaries. Additionally SKILL.md references ./deploy.sh but no deploy.sh is present in the bundle, suggesting missing pieces or reliance on external scripts—this mismatch between declared requirements and actual needs is incoherent.
Instruction Scope
Runtime instructions are narrowly focused on the pipeline (reading roles/, references/, assets/, gating, generating files under Strategy/). They direct agents to run local scripts (assets/publish.sh, hooks/*.sh) and to invoke an onchainos CLI wrapper (via subprocess) for wallet/swap/gateway operations. The instructions do not attempt broad system access beyond the repo tree, but they do require access to credentials and to run deploy/publish procedures that can perform network operations (git push, SSH to VPS, onchainos calls).
Install Mechanism
There is no install spec (instruction-only skill + shipped scripts). No remote downloads or packaged installers are used in the bundle, which reduces supply-chain risk. The provided bash scripts are plain-text and not obfuscated; they perform local file checks, git operations, and gating logic.
!
Credentials
Although the skill bundle itself does not declare required environment variables, the docs and references explicitly expect OKX API keys (OKX_API_KEY, OKX_SECRET_KEY, OKX_PASSPHRASE), an agentic wallet for TEE signing, and optionally 1Password CLI. Those credentials are necessary for the stated purpose (on-chain trading), so their absence from declared requirements is an important inconsistency the user should note before providing secrets.
Persistence & Privilege
The skill does not request always:true and does not declare modifications to other skills or global agent settings. Its scripts operate on repository files (Strategy/*) and can run git push / SSH via deploy/publish workflows — normal for a deployment pipeline but requires user-controlled credentials/targets.
What to consider before installing
What to check before installing or running this skill: - Do not supply OKX API keys, SSH credentials, or 1Password/secret CLI access to this skill unless you trust the author and understand the deployment targets. The README and references expect OKX API keys and an agent wallet, but the registry metadata did not declare them — this mismatch is suspicious. - Review the bundled scripts (assets/publish.sh, hooks/*.sh) and any deploy.sh referenced by SKILL.md. publish.sh can run git commit/push and copy user-specified scripts; ensure any git remote/credentials and the intended commit/push behavior are safe for your environment. - Note deploy.sh is referenced but not included in the package. Confirm where deploy.sh should come from and inspect it before running; automatic deployment to a VPS will require SSH access and can affect live systems. - Test in a sandbox repository / isolated environment first (no real keys, no real VPS) to observe what files the skill reads/writes and what commands it would execute. - If you plan to run real backtests or deploy live, provide credentials via a managed secret store (not direct chat) and limit the keys' scope (trade permissions, restricted IPs) and balance exposure. - If you need clarity from the author: ask where deploy.sh comes from, which git remotes the publish script will push to, and whether the skill collects or transmits any telemetry externally. If the answers are unclear or absent, avoid giving secrets or running deploy/publish steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk97be15fj44eykp3v1phbrx6cn839dvc
211downloads
0stars
3versions
Updated 2h ago
v2.0.1
MIT-0
@synththoughts
latest
Download

OKX Strategy Factory — Agent Team

协调 5 个专家 Agent 完成交易策略全生命周期。Lead 只协调不写代码。

Strategy → Backtest → Infra(deploy) → LIVE
              ↑          ↑ (parallel)
              │        Publish → GitHub Release
              │
         Iteration ← (定时/手动复盘)

这是文件夹 Skill。按需读取 roles/references/assets/,不要一次性加载全部。

Strategy Selection

Lead 启动 Pipeline 时必须指定策略名称 {strategy},所有路径和状态按策略隔离。

  • 已有策略: grid-tradingcl-lp-rebalancer
  • 新策略: 指定新名称即可,自动创建 Strategy/{strategy}/ 工作空间
  • 每个策略拥有独立的 Strategy/{strategy}/state.json,互不干扰
  • 同一时间可有多个策略处于不同阶段(如 grid-trading 在 LIVE,cl-lp-rebalancer 在 BACKTEST)

When to Use

  • 开发新交易策略 → Lead 指定 {strategy} 名称,读 roles/lead.md,spawn strategy + backtest
  • 回测 → spawn backtest,读 roles/backtest.md,指定 {strategy}
  • 部署到 VPS → spawn infra,读 roles/infra.md,指定 {strategy}
  • 发布为独立 Skill → spawn publish,读 roles/publish.md,指定 {strategy}
  • 迭代/复盘 → spawn iteration,读 roles/iteration.md,指定 {strategy}
  • 全流程 → spawn 全部 teammate,Lead 指定 {strategy} 后协调

示例:

"启动 grid-trading 策略的回测"
"为 cl-lp-rebalancer 执行全流程 Pipeline"
"新建策略 momentum-breakout,从 Step 1 开始"

Pipeline: Execution Steps

CRITICAL RULE: Steps MUST execute in order. Do NOT skip steps or proceed past a gate.

Step 1: Strategy Development

Load: roles/lead.md(第一跳流程)+ roles/strategy.md + references/api-interfaces.md + references/strategy-lessons.md

Actions:

  1. Lead 从主窗口讨论中提炼需求,填写 templates/requirements.md 模板,写入 Strategy/{strategy}/requirements.md
  2. Lead 展示需求给用户确认(用户可修正)
  3. 确认后 spawn strategy teammate,prompt 指向需求文件
  4. Strategy agent 输出到 Strategy/{strategy}/Script/v{version}/
  5. Lead 验证产出完整性

Gate (ALL must pass):

  • strategy.js.ts 存在,无硬编码参数
  • config.json 存在,所有可调参数已外置
  • risk-profile.json 存在且字段完整(校验 references/risk-schema.json
  • README.md 存在,含收益预期和适用市场条件

Step 2: Backtest Validation

Load: roles/backtest.md

Input: Step 1 输出的 Strategy/{strategy}/Script/v{version}/

Actions:

  1. Spawn backtest teammate
  2. 拉取历史行情数据
  3. 运行回测,输出到 Strategy/{strategy}/Backtest/v{version}/
  4. 执行 Compliance Check:实际指标 vs risk-profile.json 声明值

Gate:

  • Compliance 全部 PASS + Sharpe > 1.0 + Win Rate > 40% → PASS
  • 任一 Compliance FAIL → FAIL,退回 Step 1 附失败详情
  • Compliance PASS 但指标 borderline → CONDITIONAL,请用户决定

Step 3: Local Validate + Deploy to VPS

Load: roles/infra.md

Input: 通过回测的策略版本

Actions:

  1. Spawn infra teammate
  2. 本地验证: ./deploy.sh {strategy} validate — 3 tick dry-run,验证启动 + RPC + 钱包
  3. 本地验证通过后,./deploy.sh {strategy} production — 部署到 VPS
  4. 健康检查通过后更新 VERSION

Gate (Local):

  • 本地 3 tick dry-run 全部成功
  • onchainos 连接 + 价格/余额查询正常
  • 失败 → 退回 Step 1 修复

Gate (Production):

  • 进程存活(pm2 status → "online")
  • 启动 10s 内无错误日志
  • 失败 → 自动回滚到上一版本

Step 4: Publish as Skill

Load: roles/publish.md + assets/product-skill-template/

Input: 通过回测的策略 + deploy 成功确认

Actions:

  1. Spawn publish teammate(可在 Step 3 并行开始抽象)
  2. assets/product-skill-template/ 读取产品 Skill 模板
  3. 生成独立 Skill 包到 {strategy}/(仓库根目录下,与策略同名)
  4. GitHub release 等待 Step 3 成功后执行

Gate:

  • manifest.json 存在(Single Source of Truth)
  • 三平台 adapter 均已生成(SKILL.md / agents.md / openclaw.yaml)
  • install.sh 存在且可执行
  • GitHub tag + release 创建成功

Step 5: Iteration (Post-LIVE)

Load: roles/iteration.md

Input: 链上交易记录 + 行情数据

Actions:

  1. Spawn iteration teammate(定时或手动触发)
  2. 分析表现、提取因果关系、输出优化方案
  3. 输出到 Strategy/{strategy}/Iteration/v{version}-review-{date}.md
  4. 用户确认后 → 回到 Step 1 生成新版本 → 必须重走 Step 2

Gate:

  • 优化方案已输出
  • 用户在聊天中确认 — 绝不自动执行
  • 新版本回到 Step 1,必须走完整 Pipeline

State Machine

每个策略独立维护状态,互不影响。

DRAFT → BACKTEST → PASSED → LOCAL_VALIDATING → LOCAL_VALIDATED → DEPLOYING → LIVE → ITERATION_REVIEW
                 → FAILED → DRAFT (revision)
                 → CONDITIONAL → (user decides)
LOCAL_VALIDATING → LOCAL_FAILED → DRAFT (fix issues)
DEPLOYING → DEPLOY_FAILED → rollback + DRAFT or retry
ITERATION_REVIEW → APPROVED → DRAFT (new version, must re-backtest)
                 → REJECTED → LIVE (keep current)

Track in Strategy/{strategy}/state.json。Log every transition: [STATE] {strategy} v{ver}: {OLD} → {NEW} | {reason}

Failure & Rollback

IF Step N fails for strategy {strategy}:
  1. Log failure reason to Strategy/{strategy}/state.json
  2. Step 2 fail → 退回 Step 1(Strategy 修订),附失败详情
  3. Step 3 fail → Infra 自动回滚到上一版本
  4. Step 4 fail → 不影响线上运行,可重试 Publish
  5. Step 5 fail → 保持当前版本,通知用户
  6. DO NOT proceed to next step

Anti-Patterns

PatternProblem
Lead 自己写代码Lead 只协调,代码由 Strategy agent 写
跳过 Backtest 直接部署包括 Iteration 新版本也必须回测
自动执行 Iteration 优化必须用户确认
risk-profile.json 缺失直接 reject,不要"帮忙补全"
同时部署两个版本同一策略同一时间只有一个 DEPLOYING
修改已发布版本目录版本不可变,只能创建新版本
2 次迭代未改善仍继续应建议暂停策略或重新设计
启动 Pipeline 未指定策略名Lead 必须先明确 {strategy},否则拒绝执行

Comments

Loading comments...