← Back to Skills Marketplace
hyy2099

AegisClaw - 金甲龙虾

by hyy2099 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
252
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install aegisclaw
Description
Use this skill when the user asks to manage Binance assets, check account security, scan for arbitrage opportunities, or perform automated dust sweeps. Comma...
README (SKILL.md)

AegisClaw - 金甲龙虾 (Binance Security & Profit Guardian)

🦞 A defensive AI agent based on the principle of least privilege and Binance sub-account ecosystem, focusing on low-risk automated asset management and arbitrage.

When to Use This Skill

Use this skill when the user asks to:

  • Check Binance account security status
  • Scan for idle assets and dust
  • Monitor funding rate arbitrage opportunities
  • Perform dust sweeps (convert small balances to BNB)
  • Generate weekly profit reports
  • Initialize or configure Binance API connection

Commands

Command Description Example
init \x3Capi_key> \x3Capi_secret> Initialize plugin with Binance API credentials /aegisclaw init key secret
check Run security fence check /aegisclaw check
scan Scan idle assets and dust /aegisclaw scan
arbitrage Scan funding rate arbitrage opportunities /aegisclaw arbitrage
dust [assets] Execute dust sweep (convert small balances) /aegisclaw dust
report Generate weekly profit report /aegisclaw report
status View current status /aegisclaw status
help Display help information /aegisclaw help

Required Environment Variables

The skill requires the following environment variables (set via .env file or system environment):

  • BINANCE_API_KEY - Binance API Key (required)
  • BINANCE_API_SECRET - Binance API Secret (required)
  • BINANCE_TESTNET - Whether to use testnet (optional, default: false)

Key Features

🛡️ Security Fence

  • Sub-account sandbox isolation - Recommended to use independent sub-accounts
  • API permission self-check - Automatically detect and warn of dangerous permission configurations
  • Operation firewall - Slippage limits, trading frequency control

💰 Profit Engine

  • Launchpool/Megadrop monitoring - Intelligent scan for new mining opportunities
  • Automatic dust conversion - Automatically convert small assets to BNB (Dust Sweeper)
  • Funding rate arbitrage - Risk-free arbitrage between spot and futures

📊 Data Statistics

  • Balance snapshot recording - Automatically save daily asset snapshots
  • Trade history tracking - SQLite database persistence
  • Weekly profit reports - One-click generate and share profit reports

Security Recommendations

  1. Use Sub-accounts: Create a sub-account with only 500-1000 USDT for operations. Do not use main accounts.

  2. Limit API Permissions:

    • ✅ Enable: Spot Trading (SPOT)
    • ❌ Disable: Withdrawals (WITHDRAW)
    • ❌ Disable: Futures Trading (FUTURES)

  3. Bind IP Whitelist: Restrict API to access from specific IPs only. Regularly check IP whitelist.

  4. Control Fund Scale: Sub-account funds recommended within 1000 USDT. Use idle funds that won't affect daily life.

Usage Flow

Initial Setup

  1. Initialize with API credentials: /aegisclaw init \x3Capi_key> \x3Capi_secret>
  2. Run security check: /aegisclaw check
  3. Verify account type and permissions

Daily Operations

  1. Scan assets: /aegisclaw scan
  2. Check arbitrage opportunities: /aegisclaw arbitrage
  3. Execute dust sweep if needed: /aegisclaw dust

Weekly Review

  1. Generate weekly report: /aegisclaw report
  2. Review profit/loss and asset distribution

Error Handling

  • Invalid API credentials: The skill will report initialization failure and prompt to check API key and secret
  • Permission denied: If API lacks required permissions, the skill will warn and suggest adjusting settings
  • Rate limit exceeded: The skill will notify you to retry later
  • Network error: The skill will attempt one retry before asking user to try again later

Integration Notes

This skill integrates with OpenClaw through the plugin interface in openclaw_plugin/plugin.py. It can be called via:

  • Direct commands in chat interfaces
  • Scheduled tasks via cron jobs
  • Automated workflows with other skills

Key Safety Points

  • Never share or expose API keys or secrets in logs or user-facing messages
  • Always validate permissions before executing trading operations
  • Use sub-accounts with limited funds for safety
  • Monitor account balance regularly and set reasonable limits
  • This skill is designed for low-risk operations - avoid high-risk trading strategies

Repository & Support

🦞 AegisClaw - Your Binance risk-free profit guardian and asset protector

Usage Guidance
Do not install or provide real Binance API keys until you verify the source repository and review the code (especially openclaw_plugin/plugin.py and install.py). Specific actions: - Confirm the plugin's canonical repository (the SKILL.md points to https://github.com/hyy2099/aegisclaw). Inspect that upstream repo and commit history. - Review openclaw_plugin/plugin.py and main.py to see how credentials are stored/transmitted and whether any external endpoints beyond Binance/Telegram are contacted. - Only create a Binance sub-account with minimal funds and generate an API key with trading (SPOT) enabled and WITHDRAW disabled; bind key to IP whitelist if possible. - Look for undeclared env vars (TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID, HTTPS_PROXY) and decide whether you want notification features; ensure they are set only if you trust the code. - If you lack the expertise to audit the code, run the skill in an isolated environment (isolated VM/container) and use testnet keys first (set BINANCE_TESTNET=true) to observe behavior before providing real credentials. - Prefer to avoid giving full keys until you confirm that the skill does not exfiltrate data or call unknown endpoints; check network activity during a test run. These inconsistencies (missing declared env vars and install claims) are not proof of malice but are reason to pause and verify before giving it access to your funds.
Capability Analysis
Type: OpenClaw Skill Name: aegisclaw Version: 1.0.0 AegisClaw is a Binance asset management and arbitrage tool designed to automate low-risk operations like dust conversion and funding rate monitoring. The code follows standard security practices for financial bots, including HMAC-SHA256 request signing in core/api_client.py and a dedicated security module (core/security_checker.py) that warns users if dangerous API permissions (e.g., withdrawals) are enabled. No evidence of data exfiltration, obfuscation, or malicious prompt injection was found; the tool's behavior aligns strictly with its stated purpose of defensive asset management.
Capability Assessment
Purpose & Capability
The skill's name/description and code implement Binance account management, arbitrage scanning, dust sweeps and reporting — that capability reasonably requires BINANCE_API_KEY and BINANCE_API_SECRET. However the registry metadata at the top lists no required environment variables or primary credential, which contradicts the SKILL.md and code. The project also contains setup.py, requirements.txt and multiple Python modules (not an instruction-only bundle), so the 'instruction-only'/install claim is inconsistent with the actual package contents.
Instruction Scope
SKILL.md explicitly requires Binance API credentials and lists commands (init, scan, dust, arbitrage, etc.) which align with code. But SKILL.md and the registry disagree (registry omitted required env vars). The instructions mention scheduled tasks and automated workflows — combined with code that can place orders (new_order, dust_transfer) this grants the plugin broad ability to interact with user accounts. The SKILL.md does not mention some environment/config values the code reads (e.g., Telegram bot token, HTTPS_PROXY), which is a scope discrepancy.
Install Mechanism
The manifest says 'No install spec — instruction-only', yet the package contains many code files, setup.py and requirements.txt, implying it is intended to be installed/run. There is no explicit install URL or packaged release, and the clawhub/CLAWHUB instructions reference publishing. This mismatch (claimed instruction-only vs actual code) is an integrity/packaging concern you should resolve by verifying the source repository.
Credentials
SKILL.md and config.py require BINANCE_API_KEY and BINANCE_API_SECRET (expected for Binance operations). However: (1) the registry metadata omitted these required env vars, (2) config.py also reads TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID though SKILL.md doesn't document them, and (3) the API client will honor HTTPS_PROXY/HTTP_PROXY environment variables. Requiring API keys for trading is expected, but any undeclared tokens or network/proxy behavior should be made explicit before trusting keys. Ensure withdraw privilege is disabled and permissions are limited to SPOT/trade only.
Persistence & Privilege
always:false (no forced global inclusion). The skill persists data locally in an SQLite DB (db/aegisclaw.db) and logs operations — this is expected for reports/auditing. The plugin can be invoked autonomously (platform default); combined with trading capabilities this increases blast radius if misused, but autonomous invocation alone is not a disqualifier. There's no evidence the skill attempts to modify other skills or system-wide configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install aegisclaw
  3. After installation, invoke the skill by name or use /aegisclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - 币安安全赚币与护境神将
Metadata
Slug aegisclaw
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is AegisClaw - 金甲龙虾?

Use this skill when the user asks to manage Binance assets, check account security, scan for arbitrage opportunities, or perform automated dust sweeps. Comma... It is an AI Agent Skill for Claude Code / OpenClaw, with 252 downloads so far.

How do I install AegisClaw - 金甲龙虾?

Run "/install aegisclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AegisClaw - 金甲龙虾 free?

Yes, AegisClaw - 金甲龙虾 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AegisClaw - 金甲龙虾 support?

AegisClaw - 金甲龙虾 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AegisClaw - 金甲龙虾?

It is built and maintained by hyy2099 (@hyy2099); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments