← Back to Skills Marketplace
1237
Downloads
4
Stars
4
Active Installs
2
Versions
Install in OpenClaw
/install bybit-futures
Description
Complete Bybit USDT perpetual futures trading system with risk management, paper trading, and live execution. Use when building a crypto futures trading bot,...
README (SKILL.md)
Bybit Futures Trading System
Complete trading infrastructure for Bybit USDT perpetual futures contracts.
Quick Start
- Install dependencies:
pip install ccxt websockets numpy requests - Copy
scripts/config_template.py→config.py, fill in API keys - Run paper trading:
python scripts/paper_trading_ws.py - When validated, switch to live:
python scripts/live_trading.py
Architecture
config.py ← API keys + risk parameters
risk_manager.py ← Position sizing, daily loss limits, max positions
paper_trading_ws.py ← WebSocket real-time paper trading
live_trading.py ← Live execution (same logic, real orders)
backtest.py ← Historical backtesting engine
Risk Management
All trades enforced by risk_manager.py:
- Max position: configurable % of capital per trade (default 20%)
- Max leverage: configurable (default 5x)
- Stop loss: automatic per-trade (default 3%)
- Take profit: automatic per-trade (default 6%, 2:1 R/R)
- Daily loss limit: halt trading after X% daily drawdown (default 10%)
- Max concurrent positions: configurable (default 3)
Included Strategies
EMA Crossover (ETH)
- EMA(12) crosses above EMA(26) → long
- EMA(12) crosses below EMA(26) → short
- Best on: ETH/USDT 1h timeframe
RSI Mean Reversion (SOL, HYPE, PEPE)
- RSI(14) crosses up from below 30 → long
- RSI(14) crosses down from above 70 → short
- Best on: SOL, HYPE (73% WR), 1000PEPE (53% WR) 1h timeframe
- Backtested: HYPE +$339, PEPE +$210 on 90-day 1h data
Custom Strategy Template
See references/custom_strategy.md for adding your own signals.
WebSocket Real-Time Engine
The paper/live trading engine uses Bybit's WebSocket v5 API:
- Ticker subscription: millisecond-level price updates for SL/TP
- Kline subscription: signal calculation on candle close only
- Auto-reconnect: 5s retry on disconnect
- State persistence: saves every 5 minutes to JSON
Deployment
Recommended: systemd service on a VPS.
# Create service file
sudo tee /etc/systemd/system/paper-trading.service \x3C\x3C 'EOF'
[Unit]
Description=Paper Trading Bot (WebSocket)
After=network.target
[Service]
Type=simple
WorkingDirectory=/root/trading
ExecStart=/usr/bin/python3 paper_trading_ws.py
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable --now paper-trading
Telegram Notifications
Built-in Telegram push for all events:
- Position opened/closed
- Stop loss / take profit hit
- 6-hourly summary reports
- Error alerts
Set TG_BOT_TOKEN and TG_CHAT_ID in config.
Files
scripts/config_template.py— Configuration templatescripts/risk_manager.py— Risk management enginescripts/paper_trading_ws.py— WebSocket paper trading botscripts/live_trading.py— Live trading botscripts/backtest.py— Backtesting enginereferences/custom_strategy.md— Guide for adding custom strategiesreferences/bybit_api_notes.md— Bybit API gotchas and tips
Usage Guidance
This package appears to be a real Bybit futures trading bot, but the registry metadata is incomplete: the code expects BYBIT_API_KEY and BYBIT_API_SECRET (and optional TG_BOT_TOKEN/TG_CHAT_ID) even though the skill declares no required env vars. Before installing: 1) Do not run it as root — create a dedicated user or container and avoid using /root paths from the README; 2) Only use API keys with contract/trading permissions and explicitly disable withdrawal/asset permissions; 3) Test on Bybit testnet first and review config.py to ensure no secrets are hard-coded; 4) Review the code yourself (or have someone audit it) — network endpoints used are Bybit (ccxt) and Telegram (api.telegram.org), which is expected, but confirm there are no other hidden endpoints; 5) Protect the state/log files (they contain positions and may be sensitive); 6) If you plan to run long-term, consider limiting API key scopes, rotating keys, and running inside an isolated environment. The main immediate issue is the metadata omission of required credentials — ask the publisher to correct the registry fields or treat the skill as requiring manual secret provisioning before use.
Capability Analysis
Type: OpenClaw Skill
Name: bybit-futures
Version: 1.1.0
The skill bundle implements a Bybit futures trading bot with paper and live trading capabilities, risk management, and Telegram notifications. All network communications are directed to legitimate services (Bybit API/WebSocket, Telegram API). API keys and tokens are handled via environment variables or user-filled placeholders, with explicit instructions to avoid sensitive permissions like 'Assets/Withdrawal'. The `SKILL.md` provides standard deployment instructions for a systemd service, which is a legitimate method for persistence for a trading bot, and does not contain any prompt injection attempts or instructions for unauthorized actions. No evidence of data exfiltration to unauthorized endpoints, malicious execution, or obfuscation was found.
Capability Assessment
Purpose & Capability
The code and SKILL.md implement a full Bybit USDT perpetual futures trading system (paper/live/backtest, risk manager, WebSocket engine, Telegram alerts). That capability legitimately requires Bybit API credentials and (optionally) Telegram tokens, but the skill's registry metadata claims no required env vars or primary credential. This mismatch between claimed requirements and actual code is a red flag.
Instruction Scope
The SKILL.md instructions are scoped to trading tasks (install Python deps, copy config_template.py → config.py, run paper/live scripts, optionally enable systemd). The instructions and code read/write local state (paper_state.json, live_state.json, risk_state.json), log to a file, and post notifications to Telegram. They do not attempt to read unrelated system files or exfiltrate data to unknown endpoints—network calls are limited to Bybit (WS/REST via ccxt) and Telegram. However, the README's systemd example uses /root/trading which encourages running as root; that's risky and should be avoided.
Install Mechanism
This is instruction-only with bundled Python scripts; there's no installer that downloads arbitrary executables. The SKILL.md tells users to pip install common Python packages (ccxt, websockets, numpy, requests) which is proportional to the functionality. No suspicious external download URLs or archive extraction are present.
Credentials
The code expects BYBIT_API_KEY and BYBIT_API_SECRET (and optionally TG_BOT_TOKEN/TG_CHAT_ID) via config.py / environment variables, but the skill metadata declares no required env vars or primary credential. Requesting exchange API keys is expected for a trading bot, but the metadata omission is misleading and reduces visibility into what secrets will be needed and used. This mismatch should be corrected before trusting the skill.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It persists state and logs to local JSON and log files in the working directory and suggests running as a systemd service (example uses /root/trading). Persisting trading state is normal, but you should avoid running the service as root and be aware state files may contain trading/account state; run in a constrained environment (dedicated user, container) and protect those files.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install bybit-futures - After installation, invoke the skill by name or use
/bybit-futures - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Added HYPE and PEPE RSI strategies (73% and 53% WR)
v1.0.0
Initial release of Bybit USDT perpetual futures trading system.
- Complete trading infrastructure with risk management, paper trading, and live execution modes
- Supports EMA crossover, RSI mean reversion, and custom strategies
- Built-in stop-loss, take-profit, position sizing, daily loss limits, and max leverage settings
- Real-time trading via Bybit WebSocket v5 API
- Backtesting engine and custom strategy integration
- Telegram notifications for trading events and alerts
Metadata
Frequently Asked Questions
What is Bybit Futures?
Complete Bybit USDT perpetual futures trading system with risk management, paper trading, and live execution. Use when building a crypto futures trading bot,... It is an AI Agent Skill for Claude Code / OpenClaw, with 1237 downloads so far.
How do I install Bybit Futures?
Run "/install bybit-futures" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Bybit Futures free?
Yes, Bybit Futures is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Bybit Futures support?
Bybit Futures is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Bybit Futures?
It is built and maintained by SunnyZhou (@sunnyztj); the current version is v1.1.0.
More Skills