ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NOFX AI Trading

v1.1.0

NOFX AI Trading OS integration - crypto market data, AI trading signals, strategy management, trader control, and automated reporting. Use when working with...

0· 1.1k·5 current·5 all-time
by@tinkle-community

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tinkle-community/nofx.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "NOFX AI Trading" (tinkle-community/nofx) from ClawHub.
Skill page: https://clawhub.ai/tinkle-community/nofx
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install nofx

ClawHub CLI

Package manager switcher

npx clawhub@latest install nofx
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (AI trading, strategy management, browser automation) align with the included docs and scripts: API calls to nofxos.ai, browser automation guidance, strategy schemas, and trader control are present and coherent. However, the skill metadata declares no required env vars / config paths / binaries while the shipped scripts and SKILL.md expect a local config file, an API key, and a browser profile — a proportionality/documentation mismatch.
!
Instruction Scope
Runtime instructions and reference docs instruct the agent to: (1) read a local workspace config (skills/nofx/config.json or $HOME/clawd/skills/nofx/config.json) containing API keys, (2) use a browser profile named 'clawd' for automation (implying access to logged-in sessions/cookies), and (3) send notifications via external channels (Telegram/Discord/Slack) — these actions access sensitive local secrets and session data and are not limited to just calling the NOFX API. The SKILL.md and references also include 'curl | bash' install examples (downloading and executing remote scripts) and broad guidance such as 'use browser tool with profile: clawd' which could enable reading other web sessions if misused.
Install Mechanism
There is no formal install spec (instruction-only), so nothing is automatically written by the platform. The documentation includes commands that fetch and run scripts from raw GitHub URLs (curl -fsSL https://raw.githubusercontent.com/NoFxAiOS/nofx/main/install.sh | bash) and downloads docker-compose YAML from GitHub — common for open-source projects but higher risk if you blindly execute remote install scripts without review.
!
Credentials
Although registry metadata lists no required env vars or config paths, the shipped scripts and docs clearly expect: NOFX_API_KEY (or a config.json with api_key), NOFX_CONFIG (optional override), and a browser_profile (clawd). The scripts use curl and jq (external binaries) but these are not declared. The skill therefore expects access to sensitive credentials and a browser profile even though it does not declare them — this is a notable mismatch and a potential exfiltration vector if the agent/browser tool has broad access.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It does not claim to modify other skills or system-wide settings. Autonomous invocation is enabled (platform default), which increases blast radius if the skill is granted secrets; that combination with the other concerns is why caution is recommended.
What to consider before installing
What to consider before installing: - This package expects and uses an API key (NOFX_API_KEY) and a config file (default: ~/clawd/skills/nofx/config.json) but the registry metadata does not declare those requirements — do not assume keys are optional. Provide only least-privilege exchange keys (disable withdrawals, restrict permissions and IP whitelist). - The skill’s browser automation expects a profile named 'clawd' (logged-in session). Granting the agent/browser access to a profile can expose other site sessions/cookies; only use a dedicated, isolated browser profile and don't reuse your personal browser profile. - The scripts call external endpoints at nofxos.ai and include examples to post to Telegram/Discord/Slack. Confirm you trust those endpoints and any webhook URLs you configure. - The docs show running remote install scripts via curl|bash from GitHub raw — review those scripts before executing; avoid blind 'curl | bash'. - The shipped shell scripts depend on curl and jq but the metadata does not list required binaries; ensure you inspect and run scripts locally in an isolated environment before allowing the agent to run them. - If you proceed: review config.json and scripts manually, store API keys in a secure secret store (or environment variables with least privilege), use test/demo exchange keys first, and be prepared to rotate/revoke keys if anything suspicious occurs. - If you want a safer assessment, provide the install.sh referenced by the docs or confirm whether the agent will be given access to your browser profile or filesystem; that information would change the risk assessment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fh7h9ef8x2cx2jt1kcf1r0s815f59
1.1kdownloads
0stars
2versions
Updated 1h ago
v1.1.0
MIT-0
@tinkle-community
latest
Download

NOFX AI Trading Skill

Integrate with NOFX - the open-source AI-powered crypto trading operating system.

Quick Reference

ResourceURL
Web Dashboardhttps://nofxai.com
Data APIhttps://nofxos.ai
API Docshttps://nofxos.ai/api-docs
GitHubhttps://github.com/NoFxAiOS/nofx

Deployment

For installation and deployment instructions, see references/deployment.md:

  • One-click install (Linux/macOS/Docker)
  • Windows installation (Docker Desktop / WSL2)
  • Railway cloud deployment
  • Manual installation for developers
  • Server deployment with HTTPS

Supported Exchanges

For exchange registration links (with fee discounts) and API setup, see references/exchanges.md:

CEX: Binance, Bybit, OKX, Bitget, KuCoin, Gate.io DEX: Hyperliquid, Aster DEX, Lighter

AI Models: DeepSeek, Qwen, OpenAI, Claude, Gemini, Grok, Kimi

Configuration

Store credentials in workspace skills/nofx/config.json:

{
  "api_key": "cm_xxxxxx",
  "web_email": "user@example.com",
  "browser_profile": "clawd"
}

1. Market Data (API)

Base URL: https://nofxos.ai Auth: ?auth=API_KEY or Authorization: Bearer API_KEY

AI Signals

# AI500 - High potential coins (score > 70)
curl "https://nofxos.ai/api/ai500/list?auth=$KEY"

# AI300 - Quantitative flow signals (S/A/B levels)
curl "https://nofxos.ai/api/ai300/list?auth=$KEY&limit=10"

# Single coin AI analysis
curl "https://nofxos.ai/api/ai500/{symbol}?auth=$KEY"

Fund Flow

# Institution inflow ranking
curl "https://nofxos.ai/api/netflow/top-ranking?auth=$KEY&limit=10&duration=1h&type=institution"

# Outflow ranking
curl "https://nofxos.ai/api/netflow/low-ranking?auth=$KEY&limit=10&duration=1h&type=institution"

Open Interest

# OI increase ranking
curl "https://nofxos.ai/api/oi/top-ranking?auth=$KEY&limit=10&duration=1h"

# OI decrease ranking
curl "https://nofxos.ai/api/oi/low-ranking?auth=$KEY&limit=10&duration=1h"

# OI market cap ranking
curl "https://nofxos.ai/api/oi-cap/ranking?auth=$KEY&limit=10"

Price & Rates

# Price ranking (gainers/losers)
curl "https://nofxos.ai/api/price/ranking?auth=$KEY&duration=1h"

# Funding rate top (crowded longs)
curl "https://nofxos.ai/api/funding-rate/top?auth=$KEY&limit=10"

# Funding rate low (crowded shorts)
curl "https://nofxos.ai/api/funding-rate/low?auth=$KEY&limit=10"

# Long-short ratio anomalies
curl "https://nofxos.ai/api/long-short/list?auth=$KEY&limit=10"

Single Coin Data

# Comprehensive coin data
curl "https://nofxos.ai/api/coin/{symbol}?auth=$KEY&include=all"

# Order book heatmap
curl "https://nofxos.ai/api/heatmap/future/{symbol}?auth=$KEY"

Duration options: 1m, 5m, 15m, 30m, 1h, 4h, 8h, 12h, 24h, 2d, 3d, 5d, 7d

2. Strategy Management (Browser)

Use browser automation on https://nofxai.com/strategy

Strategy Structure

{
  "strategy_type": "ai_trading",
  "language": "en",
  "coin_source": {
    "source_type": "ai500|static|oi_top|oi_low|mixed",
    "static_coins": ["BTC", "ETH"],
    "use_ai500": true,
    "ai500_limit": 10
  },
  "indicators": {
    "enable_ema": true,
    "enable_rsi": true,
    "enable_atr": true,
    "enable_boll": true,
    "enable_oi": true,
    "enable_funding_rate": true,
    "enable_quant_data": true,
    "nofxos_api_key": "cm_xxx"
  },
  "risk_control": {
    "max_position_pct": 10,
    "stop_loss_pct": 3,
    "take_profit_pct": 5
  },
  "prompt_sections": {
    "role_definition": "...",
    "entry_standards": "...",
    "decision_process": "..."
  }
}

Natural Language Strategy Creation

When user describes a strategy in natural language:

  1. Parse requirements (coins, indicators, entry/exit rules, risk)
  2. Generate StrategyConfig JSON
  3. Navigate to Strategy Studio
  4. Create new strategy and fill in fields
  5. Save and activate

3. Trader Management (Browser)

Use browser automation on https://nofxai.com/traders

Actions

  • List: Navigate to /traders, parse trader list
  • Create: Click "Create Trader", select model/exchange/strategy
  • Start/Stop: Click Start/Stop button on trader card
  • View: Click "View" for details and logs

Trader Config

Model: claude|deepseek|gpt|gemini|grok|kimi|qwen
Exchange: binance|bybit|okx|bitget|kucoin|gate|hyperliquid|aster|lighter
Strategy: Select from strategy list

4. Dashboard (Browser)

Navigate to https://nofxai.com/dashboard

Available Data

  • Account equity and balance
  • Total P/L (absolute and percentage)
  • Current positions
  • Equity curve chart
  • Trade history
  • AI decision logs

5. Arena - AI Debate (Browser)

Navigate to https://nofxai.com/debate

Create Debate

  1. Click "New Debate"
  2. Select symbol
  3. Select AI models and roles:
    • Bull: Finds long opportunities
    • Bear: Finds short opportunities
    • Analyst: Neutral analysis
  4. Run debate rounds
  5. Get consensus recommendation

6. Backtest (Browser)

Navigate to https://nofxai.com/backtest

Run Backtest

  1. Select AI model
  2. Select strategy (optional)
  3. Enter symbols (comma-separated)
  4. Set time range
  5. Run and analyze results

7. Monitoring & Alerts

Cron Job for Market Reports

{
  "name": "NOFX Market Report",
  "schedule": {"kind": "cron", "expr": "*/30 * * * *"},
  "sessionTarget": "isolated",
  "payload": {
    "kind": "agentTurn",
    "message": "Fetch NOFX data and generate market report...",
    "deliver": true,
    "channel": "telegram",
    "to": "USER_ID"
  }
}

Report Contents

  • 🤖 AI500 signals (coin + score + gain)
  • 💰 Institution flow TOP10
  • 🚀 Price gainers TOP10
  • 📈 OI increase TOP10
  • 📉 OI decrease TOP10
  • ⚠️ Drop alerts

8. Common Workflows

Daily Market Check

  1. Fetch AI500/AI300 signals
  2. Check institution fund flow
  3. Monitor OI changes
  4. Identify opportunities

Strategy Development

  1. Analyze market data
  2. Define entry/exit rules
  3. Create strategy in Studio
  4. Backtest with historical data
  5. Create trader and start

Risk Monitoring

  1. Check dashboard P/L
  2. Review positions
  3. Monitor drawdown
  4. Adjust or stop traders if needed

API Response Examples

See references/api-examples.md for detailed response structures.

Additional References

ReferenceDescription
references/grid-trading.mdGrid trading detailed guide with examples
references/market-charts.mdMarket page and chart analysis
references/multi-account.mdMulti-account management
references/webhooks.mdTelegram/Discord/Slack notifications
references/faq.mdFrequently asked questions

Comments

Loading comments...