ClawHub

Orderly Positions Tpsl

v1.0.0

Monitor positions in real-time, configure Take-Profit/Stop-Loss orders, and manage risk with leverage settings

0· 202·1 current·1 all-time
byMario Reder@tarnadas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description align with the SKILL.md content: REST endpoints, React hooks, and examples all target Orderly position management, leverage, and TP/SL functionality.
Instruction Scope
Runtime instructions and code samples focus on position retrieval, closing positions, leverage changes, and TP/SL order creation. There are no instructions to read unrelated system files, scan directories, or exfiltrate data to third-party endpoints.
Install Mechanism
No install spec or code files are included (instruction-only). This is the lowest-risk install model because nothing is written to disk by the skill package itself.
Credentials
The SKILL.md explicitly requires an Orderly API key with `read` and `trading` scopes, but the skill metadata declares no required environment variables or primary credential. That mismatch means the skill expects credentials at runtime but does not document where/how they should be provided — be cautious about supplying trading-scoped keys.
Persistence & Privilege
The skill is not marked always:true and uses default invocation settings. It does not request persistent system-level privileges or modify other skills' configs.
Assessment
This skill appears to be what it says: an Orderly position and TP/SL helper with examples and API calls. However, it requires an Orderly API key with trading scope (able to place/modify orders) but the package metadata does not declare or manage that credential. Before installing or enabling the skill: (1) Confirm the exact API host/domain you will be calling (ensure it is the official Orderly API), (2) only provide API keys with the minimal necessary scopes and consider using a restricted subaccount or testnet key, (3) avoid giving long-lived or broadly scoped trading keys — prefer ephemeral tokens or keys with IP restrictions if available, (4) understand that the agent can invoke skills autonomously (default), and because this skill can place orders you should only permit it if you trust the skill source, and (5) test with small or simulated positions first. If you need higher assurance, ask the publisher for explicit instructions on how credentials are expected to be supplied (environment variables, agent secrets, or local config) and for proof that the endpoints/hooks reference the official SDK and API.

Like a lobster shell, security has layers — review code before you run it.

latestvk971nvcfc2vstm4bknz6t66ean82chqa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments