ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Solana Funding Rate Arbitrage

Solana perpetual DEX funding rate arbitrage - scanner and auto-trader. Compares funding rates across Drift and Flash Trade to find and execute cross-DEX arbitrage opportunities. Use when analyzing Solana perp funding rates, finding funding arbitrage, setting up delta-neutral strategies, or running automated funding collection. Includes Monte Carlo simulation, backtesting, and full auto-trading capabilities.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.3k · 5 current installs · 5 all-time installs
by@Zedit42
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description match the included code: the repository contains scanners, Monte‑Carlo/backtest scripts, DEX adapters, and an auto‑trader that uses a Solana wallet to sign transactions. That functionality legitimately requires access to a wallet/private key, an RPC provider, and Node runtime. However, the registry metadata claims no required environment variables or binaries, which is inconsistent with the manifest and SKILL.md (which require Node 18+, npm install, and SOLANA_PRIVATE_KEY or keypair path).
!
Instruction Scope
SKILL.md and referenced scripts instruct the agent to read ~/.secrets/.env, a config file (~/.secrets/funding-arb-config.json), and wallet files (SOLANA_PRIVATE_KEY or SOLANA_WALLET_PATH), start a cron job, and run npx ts-node to execute trading logic. Those instructions grant the skill direct access to highly sensitive secrets and to run arbitrary TypeScript code locally — appropriate for live trading but high-risk and not reflected in metadata. The README warns 'never share your private key' but still instructs placing it in a file/ENV without recommending hardware-wallet or restricted signing approaches.
Install Mechanism
There is no explicit install spec in the registry, but package.json/package-lock are included and SKILL.md instructs 'cd scripts && npm install' and running npx ts-node. Dependencies are typical (axios, express) and optional Solana/Zeta SDKs are listed. No suspicious external download URLs or archive extracts were found; installation will pull packages from npm (traceable) and execute local TypeScript with ts-node (runs code on your machine).
!
Credentials
Live trading reasonably requires SOLANA_PRIVATE_KEY (or a keypair file) and an RPC URL, which are declared in SKILL.md and other docs — but the registry metadata lists no required env vars or primary credential. That metadata omission is a material inconsistency (the skill requests highly sensitive credentials but doesn't declare them). The skill will also create/use local files under ~/.clawd/funding-arb and ~/.secrets, which gives it persistent access to state and logs.
Persistence & Privilege
The skill is not force-included (always: false). It can be invoked autonomously (platform default), which combined with access to a private key would allow the agent to trade without interactive approval. That is expected for an auto-trader but increases blast radius — user should not enable live/private-key operation unless they explicitly trust the code and runtime environment. The skill writes local state/logs under ~/.clawd/funding-arb (expected for a trader).
What to consider before installing
This package contains real trading code and will, if configured for live mode, require and use your Solana private key (or keypair file) and an RPC endpoint. That is consistent with its purpose but the registry metadata incorrectly lists no required env vars — treat that as a red flag. Before installing or running: 1) Inspect the auto-trader and sendTransaction code paths yourself (or have a trusted reviewer) to confirm there are no hidden remote endpoints or backdoors. 2) Do NOT put a production private key with meaningful funds into .env; use a small test key or a restricted wallet. Prefer hardware-wallet or a signing service if possible. 3) Start in dry_run mode and run the backtests locally; confirm behavior of cron-runner.sh and where logs/state are written (~/.clawd and ~/.secrets). 4) Verify package.json and package-lock to ensure dependencies are expected; run npm install in an isolated environment or container. 5) Consider running the code in a sandboxed VM with a limited-key (tiny balance) and network monitoring before trusting it with real funds. 6) If you plan to use it live, update the registry metadata (or request the publisher do so) so required env vars and runtime are explicit. If you cannot audit the code, avoid giving this skill any private key or enabling autonomous live trading.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.1.0
Download zip
arbitragevk977wc6spavsw6kh530wa6ea7x80rb98defivk977wc6spavsw6kh530wa6ea7x80rb98driftvk977wc6spavsw6kh530wa6ea7x80rb98fundingvk977wc6spavsw6kh530wa6ea7x80rb98hackathonvk97937xg7xyt7nea788bwhgapn80rbw4latestvk977wc6spavsw6kh530wa6ea7x80rb98solanavk977wc6spavsw6kh530wa6ea7x80rb98tradingvk977wc6spavsw6kh530wa6ea7x80rb98

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Solana Funding Rate Arbitrage (v2.0)

Automated funding rate arbitrage bot for Solana perpetual DEXes.

🔥 What's New in v2.0

  • Auto-Trading: Fully automated position management
  • Multi-DEX Support: Drift Protocol + Flash Trade
  • Position Manager: Track PnL and funding collected
  • Risk Management: Stop-loss, max DD, auto-rebalancing
  • Cron Integration: Scheduled rate checks

Supported DEXes

DEXMarketsTradingData Source
Drift Protocol64✅ FullDirect API
Flash Trade19🔶 DRY_RUNCoinGecko

Strategy Options

StrategyLeverageWin RateAPYMax Drawdown
Ultra Safe1x96%126%2%
Conservative1.5x89%203%4%
Moderate2.5x85%411%9%

Quick Start

cd scripts && npm install

# 1. Scan funding rates (no trading)
npm run trade:scan

# 2. Check position status
npm run trade:status

# 3. Run in DRY_RUN mode (simulated)
npm run trade:dry

# 4. Run live trading (requires wallet)
npm run trade

# Other commands
npm run scan        # Basic rate scanner
npm run dashboard   # Web dashboard (:3456)
npm run monte-carlo # Risk simulations

Configuration

Config file: ~/.secrets/funding-arb-config.json

{
  "strategy": "ultra_safe",
  "max_position_pct": 50,
  "min_spread": 0.5,
  "max_dd_pct": 2,
  "auto_execute": true,
  "dry_run": true,
  "leverage": 1,
  "check_interval_hours": 4,
  "min_apy_threshold": 100,
  "max_position_usd": 100,
  "notification": {
    "telegram": true,
    "on_open": true,
    "on_close": true,
    "on_funding": true
  },
  "risk": {
    "max_positions": 2,
    "stop_loss_pct": 2,
    "take_profit_pct": null,
    "auto_rebalance": true,
    "rebalance_threshold": 0.3
  }
}

Environment Variables

Create .env in scripts directory or ~/.secrets/.env:

# Required for live trading
SOLANA_PRIVATE_KEY=[1,2,3,...]  # Or use wallet file
SOLANA_WALLET_PATH=/path/to/wallet.json

# Optional
SOLANA_RPC_URL=https://mainnet.helius-rpc.com/?api-key=YOUR_KEY
DEBUG=true  # Verbose logging

Cron Setup

Run every 4 hours:

# Add to crontab -e
0 */4 * * * ~/clawd/skills/solana-funding-arb/scripts/cron-runner.sh

How It Works

  1. Scan: Compare funding rates on Drift vs Flash Trade
  2. Identify: Find pairs where one is paying and other is receiving
  3. Execute:
    • Go LONG on exchange with negative rate (receive funding)
    • Go SHORT on exchange with positive rate (receive funding)
  4. Collect: Delta-neutral = collect funding from both sides
  5. Rebalance: Close when spread reverses or DD exceeded

Example Trade

SOL Funding Rates:
- Drift: -500% APY (longs receive)
- Flash: +800% APY (shorts receive)
- Spread: 1300% APY

Action:
→ LONG $50 SOL on Drift (receive 500% APY)
→ SHORT $50 SOL on Flash (receive 800% APY)
→ Net: Delta-neutral, collecting ~1300% APY in funding

Files

scripts/
├── src/trading/
│   ├── auto-trader.ts      # Main trading logic
│   ├── drift-client.ts     # Drift Protocol integration
│   ├── flash-client.ts     # Flash Trade integration
│   └── position-manager.ts # Position tracking
├── cron-runner.sh          # Cron wrapper script
└── ...

~/.clawd/funding-arb/
├── positions.json          # Current positions
├── history.json           # Trade history
├── trader-state.json      # Bot state
└── logs/                  # Cron logs

Risks

⚠️ Smart Contract Risk: DEX bugs, hacks ⚠️ Rate Reversal: 15-18% daily probability ⚠️ Execution Slippage: 0.2-0.4% ⚠️ Liquidation: Only with leverage >1x

Yield Comparison

PlatformAPYvs Ultra Safe
Ultra Safe (1x)126%
US Bank (FDIC)4.5%28x less
Aave V32.5%50x less
Marginfi8.5%15x less

Testing

  1. Start with dry_run: true (default)
  2. Run npm run trade:scan to verify opportunities
  3. Run npm run trade:dry to test execution flow
  4. When ready, set dry_run: false and max_position_usd: 10
  5. Monitor logs at ~/.clawd/funding-arb/logs/

References

Files

51 total
Select a file
Select a file to preview.

Comments

Loading comments…