← Back to Skills Marketplace
alex-wuhu

Trade Audit

by Alex · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
112
Downloads
0
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install trade-audit
Description
Mandatory audit gate for all trading and transfer decisions. Sends agent-prepared decision material to Apus deterministic inference on an NVIDIA H100 TEE and...
Usage Guidance
This skill is broadly consistent with its description, but take these precautions before installing or using it: - Review and fix the code bug: analyze.py contains an undefined name ('normal') in normalize_packet which will likely raise an exception; ask the author for a corrected release or patch before relying on it. - Audit data sent to Apus: the script posts whatever is in the prepared bundle to https://hb.apus.network; ensure you never include private keys, wallet seeds, or any confidential PII in prepared bundles. The SKILL.md recommends stripping extraneous text, but that is a manual step — consider adding explicit sanitization or local vetting. - Verify the Apus endpoint and attestation claims: confirm the endpoint, attestation format, and expected guarantees (hardware TEE attestation, integrity proofs) independently. Hard-coded endpoints are harder to rotate; you may prefer an environment-variable override so you can point to a test or internal endpoint. - Be aware of local logs: runs append records to ~/.trade-audit/audit.jsonl which may contain sensitive decision material; decide whether to encrypt, rotate, or disable logging. - Test in an isolated environment: run the script with non-sensitive sample bundles to see behavior and confirm output formatting and exit codes (gate mode) before integrating into any automated trading workflow. If you want, I can: (1) point out exact lines to patch for the undefined-variable bug; (2) produce a hardened variant that prompts for explicit approval before sending bundles externally and optionally redacts sensitive fields; or (3) draft a short checklist for safe operational use (logging policy, bundle sanitization, endpoint verification).
Capability Analysis
Type: OpenClaw Skill Name: trade-audit Version: 2.0.0 The trade-audit skill provides a hardware-attested audit gate for financial decisions by sending agent-prepared data to the Apus Network TEE inference API (apus.network). The implementation in analyze.py is transparent, using only standard libraries to process inputs, communicate with the specified endpoint, and maintain a local audit log in ~/.trade-audit/. No evidence of malicious intent, credential theft, or unauthorized execution was found; the skill's behavior is strictly aligned with its documented purpose of providing verifiable trade audits.
Capability Assessment
Purpose & Capability
Name/description say it will accept agent-prepared decision material, send it to Apus deterministic inference, and return an attested verdict. The included analyze.py implements those behaviors (builds a normalized bundle, posts to an APUS endpoint, parses a JSON packet, and writes a local audit log). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md confines work to agent-prepared inputs and instructs the agent to fetch public data and distill it before calling analyze.py. The script itself posts the bundle to a remote Apus endpoint and appends a record to ~/.trade-audit/audit.jsonl. Two issues: (1) analyze.py contains at least one clear coding bug (in normalize_packet it sets norm['missing_information'] = normal, where 'normal' is undefined) which will likely cause crashes or exceptions at runtime; (2) the skill will transmit whatever the agent includes in the prepared bundle (addresses, amounts, possibly other sensitive details) to an external service by default — the SKILL.md warns to strip extraneous material but there is no technical safeguard to prevent leaking sensitive fields.
Install Mechanism
No install spec; the skill is instruction-plus-a-single-python script using only stdlib. Nothing is downloaded or written beyond the script and template files included in the bundle.
Credentials
The skill declares no required environment variables or credentials and the code uses hard-coded APUS_BASE_URL and MODEL_NAME. There is no request for unrelated credentials. However, because it posts bundle contents to an external endpoint, users must ensure they don't include secrets in prepared bundles.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It does create and append an audit log at ~/.trade-audit/audit.jsonl on each run; that persistent local storage could accumulate sensitive decision material and should be considered when deploying (encryption, rotation, or opt-out may be desirable).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install trade-audit
  3. After installation, invoke the skill by name or use /trade-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Zero dependencies: replaced openai SDK with Python stdlib (urllib). No pip/uv/venv required — works on any system with python3.
v1.2.1
Remove post-install instruction — audit rule should come from user, not skill
v1.2.0
Add post-install instruction: agents must automatically audit all financial actions without asking
v1.1.0
Add public data sources (Polymarket, CoinGecko, Binance), no-wallet-required note, TEE attestation display requirement, bundle size guard
v1.0.0
Initial release: mandatory audit gate for trading & transfer decisions via Apus TEE. Features: --gate mode with semantic exit codes, --min-confidence threshold, local audit log, bundle size guard.
Metadata
Slug trade-audit
Version 2.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 5
Frequently Asked Questions

What is Trade Audit?

Mandatory audit gate for all trading and transfer decisions. Sends agent-prepared decision material to Apus deterministic inference on an NVIDIA H100 TEE and... It is an AI Agent Skill for Claude Code / OpenClaw, with 112 downloads so far.

How do I install Trade Audit?

Run "/install trade-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Trade Audit free?

Yes, Trade Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Trade Audit support?

Trade Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Trade Audit?

It is built and maintained by Alex (@alex-wuhu); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments