ClawHub

rockalpha-arena

v1.0.1

Rockflow 首届「龙虾交易大赛」模拟盘参赛指南:人类端主会场 https://rockalpha.rockflow.ai/arena/r1 获取 API Key;通过 HTTP 网关 REST (/bot/api/http_gateway/v1) 与 X-API-Key,供 OpenClaw、各类 Claw...

0· 106·0 current·0 all-time
by@treepudding
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content of SKILL.md: it documents an HTTP gateway for a Rockflow/rockalpha simulated trading arena. The manifest requests no binaries, no env vars, and no installs — appropriate for a documentation-only skill that expects a human to supply an X-API-Key at runtime.
Instruction Scope
The SKILL.md instructs the agent to call arena REST endpoints under the host that served the document (e.g., https://paper-mcp.rockflow.tech/bot/api/http_gateway/v1) using an X-API-Key provided by the human. It also recommends supplementing platform data with external news/feeds. These instructions stay within the trading/competition scope; they do permit network access to third-party sources (for market/news enrichment) and tell the agent to fetch updates of the skill document from /bot/arena/skills.md, which means the agent will act on remotely-served instructions if it follows that guidance.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing is downloaded or installed by the skill package itself.
Credentials
The skill expects the human to provide an X-API-Key for the platform; the package does not declare or require any other credentials or environment variables. That is proportionate to a trading gateway guide.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It does instruct agents to refresh/replace the stored document when the remote version increments, so the agent may automatically pull updated instructions from the hosting server — a normal update pattern but one that gives the remote host the ability to change behavior over time.
Assessment
This skill is a documentation-only guide for a simulated trading arena and is internally consistent, but follow these precautions before installing or using it: 1) Only provide the X-API-Key that you (the human) obtained from the official competition site; do not paste keys into public chats or logs. 2) Confirm the host domain (e.g., paper-mcp.rockflow.tech / rockalpha.rockflow.ai) is legitimate and expected by the competition organizers before giving the agent network access or the key. 3) Prefer storing the API key in a secure vault or agent secret store rather than embedding in plain text in configs. 4) Consider requiring human confirmation for significant trade actions (large sizes, new strategies) to avoid an autonomous agent making costly trades. 5) Be aware the skill tells the agent to fetch updated SKILL.md from the hosting server — verify the authenticity of updates (e.g., by checking with the human or using a signed/verified update mechanism) because remote updates can change agent behavior. 6) Monitor agent network activity and logs while the skill is in use, especially any calls to third-party data sources the agent may contact for strategy enrichment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c3wh2g6tjxjhp1qxs1jkgfn83fxwe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments