← Back to Skills Marketplace
154
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install riskstate
Description
Deterministic risk governance API for autonomous crypto trading agents. Returns position limits, allowed actions, and policy constraints from 30+ real-time s...
Usage Guidance
What to check before installing or enabling this skill:
- Verify the API host and ownership: SKILL.md points at https://riskstate.netlify.app for the API while the homepage is https://riskstate.ai. Confirm that riskstate.netlify.app is an intentional API host for RiskState (e.g., check the official website, GitHub repo, and maintainers) before sending an API key.
- Provide a limited-scope key: use an "external"/read-only key (rs_live_ type) if possible, and avoid giving any owner/admin keys to the skill. Do not hardcode keys into source; use environment variables as recommended.
- Correct the metadata gap: the registry metadata claims no required env vars, but SKILL.md requires RISKSTATE_API_KEY. Ask the publisher or registry to update the metadata so the platform can surface the prompt for the API key and label required permissions correctly.
- Test with minimal data and monitoring: try one-off calls and verify network traffic (outbound destination, IPs, TLS certificate) and response shape before enabling the skill for autonomous use. Monitor API usage and rotate keys if anything looks unexpected.
- Treat wallet parameter as sensitive: only supply wallet addresses when you intend on DeFi monitoring; the wallet parameter is relevant but it can expose on-chain linkage for that key.
If the publisher provides a clarified package (metadata listing RISKSTATE_API_KEY) and an expected API host matching their official domain or a documented, trusted endpoint (and you can confirm the GitHub/org), this would reduce the concern. Conversely, unexpected hosts or requests for broader credentials would increase risk.
Capability Analysis
Type: OpenClaw Skill
Name: riskstate
Version: 1.2.2
The RiskState skill bundle provides a deterministic risk governance API for crypto trading agents to manage position sizing and operational constraints. The documentation (SKILL.md, README.md, and docs/api-v1.md) is comprehensive and consistently describes a service that returns risk-related signals and policy levels based on market data. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection; the instructions provided to the agent are strictly focused on enforcing trading limits and safety protocols (e.g., aborting trades if structural blockers are detected). The API uses standard Bearer token authentication and communicates with a specified Netlify endpoint (https://riskstate.netlify.app).
Capability Assessment
Purpose & Capability
The skill's name, README, docs, and SKILL.md consistently describe a risk-governor API for crypto trading agents — requiring a single API key and returning permissioning data. That capability legitimately needs an API endpoint and key. However, the registry metadata at the top lists "Required env vars: none" while the SKILL.md explicitly declares env: RISKSTATE_API_KEY and shows authentication via a Bearer token. This metadata mismatch is an incoherence (likely a packaging/metadata error) and should be corrected/confirmed.
Instruction Scope
The runtime instructions are narrow and consistent with the stated purpose: POST JSON to https://riskstate.netlify.app/v1/risk-state with Authorization: Bearer $RISKSTATE_API_KEY. Optional wallet parameter is relevant to DeFi monitoring. The SKILL.md does not instruct the agent to read unrelated files, other credentials, or system secrets.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). That is lower risk because nothing is written or executed locally by the skill itself.
Credentials
The service needs one credential (an API key) which is proportionate to its function. The concern is the registry metadata failing to list this required env var — users or the platform could miss prompting for the key or mis-handle permission scopes. Also note the docs reference an owner/admin key and external `rs_live_` keys; users should ensure they only supply external keys with limited scope.
Persistence & Privilege
The skill does not request always:true and has no install-time persistence steps. It does not ask to modify other skills or system-wide settings in the provided materials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install riskstate - After installation, invoke the skill by name or use
/riskstate - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.2
v1.2.2 — Remove owner/admin key references from agent-facing documentation. Simplified Security section to single key type (rs_live_* prefix) with single env var (RISKSTATE_API_KEY). Eliminates credential ambiguity flagged by OpenClaw scanner. Auth section now explicitly names key prefix and env var together.
v1.2.1
v1.2.1 — Standardize credential naming and metadata for marketplace trust scoring. Added env: RISKSTATE_API_KEY to frontmatter. All examples now use $RISKSTATE_API_KEY (was $TOKEN). Full API host in endpoint field. Aligned tags across npm, SKILL.md, and GitHub topics (16 keywords). Fixes OpenClaw scanner "Suspicious" flag.
v1.2.0
RiskState version 1.2.0
- Expanded skill tags for improved searchability and classification.
- Added a new "Security" section to documentation, clarifying API host usage and key types.
- Stated rate limits and authentication practices for API keys.
- No changes to core functionality or API endpoints.
v1.1.1
- Improved documentation in SKILL.md with a clear overview of functionality, detailed usage instructions, and example requests/responses.
- Clarified the scope: deterministic risk governor for crypto trading agents, returning position limits, allowed/blocked actions, and policy constraints based on 30+ real-time signals.
- Provided explicit policy interpretation, field precedence, and agent behavior for degraded/failure modes.
- Added details on authentication, supported assets (BTC, ETH), and polling recommendations.
- Enhanced API response documentation, including minimal and detailed outputs for better integration guidance.
Metadata
Frequently Asked Questions
What is RiskState — Risk Governor for Crypto Trading Agents?
Deterministic risk governance API for autonomous crypto trading agents. Returns position limits, allowed actions, and policy constraints from 30+ real-time s... It is an AI Agent Skill for Claude Code / OpenClaw, with 154 downloads so far.
How do I install RiskState — Risk Governor for Crypto Trading Agents?
Run "/install riskstate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is RiskState — Risk Governor for Crypto Trading Agents free?
Yes, RiskState — Risk Governor for Crypto Trading Agents is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does RiskState — Risk Governor for Crypto Trading Agents support?
RiskState — Risk Governor for Crypto Trading Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created RiskState — Risk Governor for Crypto Trading Agents?
It is built and maintained by Likido (@likidodefi); the current version is v1.2.2.
More Skills