← Back to Skills Marketplace
wjllance

Standx Cli

by Lance · GitHub ↗ · v0.5.0
cross-platform ⚠ suspicious
589
Downloads
0
Stars
0
Active Installs
15
Versions
Install in OpenClaw
/install standx-cli
Description
Crypto trading CLI for StandX exchange v0.3.5. Use when users need to: (1) Query crypto market data (prices, order books, klines, funding rates), (2) Manage...
Usage Guidance
This skill appears to be what it claims (a CLI for StandX), but check a few things before installing or providing credentials: - Verify the upstream repository and author: review https://github.com/wjllance/standx-cli (or the repo referenced) and confirm releases match the SHA sums in the release notes. Don't run curl|sudo blindly. - Note the version mismatch: many files/scripts reference v0.3.5 while the registry shows 0.5.0. Confirm you are installing the intended version. - Prefer Homebrew only if you trust the 'wjllance' tap. If unsure, clone the repo, inspect sources, and build locally or use a vetted distribution channel. - Treat STANDX_JWT and STANDX_PRIVATE_KEY as sensitive: use ephemeral tokens, keep them in restricted files (chmod 600) or environment variables in a session, and rotate tokens regularly. - Avoid passing credentials on the command line (the SKILL.md warns of this); use file-based or env-var authentication as recommended. - If you must run the installer script, inspect it first and verify the GitHub release tarball contents and digital signature (if provided). Consider installing the binary in a sandbox/container first to test behavior. If you want, I can: (1) help list steps to verify the GitHub release (checksums, tags), (2) show a safe checklist for installing third-party CLI binaries, or (3) fetch the repo metadata to compare versions if you provide the repo URL to inspect.
Capability Analysis
Type: OpenClaw Skill Name: standx-cli Version: 0.5.0 The skill is classified as suspicious due to its installation methods, which involve downloading a binary from a remote GitHub release URL via `curl -L` and then moving it to `/usr/local/bin/` using `sudo mv`. While this is a common practice for installing CLI tools and the source (GitHub) is generally trusted, it represents a significant supply chain vulnerability and requires privilege escalation. There is no evidence of intentional malicious behavior, data exfiltration, prompt injection, or obfuscation. The documentation, particularly in `SKILL.md` and `references/troubleshooting.md`, provides good security advice regarding credential handling, warning against insecure storage methods. The 'suspicious' classification is based on the inherent risk of the powerful installation scripts, which could lead to RCE if the remote source were compromised, rather than any malicious intent within the skill itself.
Capability Assessment
Purpose & Capability
The skill's name, description, and runtime instructions consistently describe a crypto trading CLI that requires the 'standx' binary and the StandX JWT/private key for trading — these requirements are coherent with the stated purpose. However, registry-level metadata at the top shows no primary credential while the SKILL.md and openclaw metadata declare STANDX_JWT as the primary credential; that's an internal inconsistency in declarations.
Instruction Scope
SKILL.md instructions stay within the expected scope: installing the 'standx' binary, using it to query market data and manage orders, and guidance for authenticating via environment variables, files, or interactive login. The instructions warn about credential hygiene and do not direct data to unexpected external endpoints beyond the documented StandX API/WebSocket endpoints.
Install Mechanism
Install options use Homebrew (wjllance tap) and curl of GitHub release tarballs, then sudo mv to /usr/local/bin. Downloading from GitHub releases is common and acceptable if the repository is trustworthy, but the Homebrew formula is from a user tap rather than an official repo and the scripts hardcode a specific v0.3.5 artifact while registry/version metadata references v0.5.0 — this version mismatch and reliance on a personal tap/release should be verified (checksums, repository ownership, release provenance) before running the install scripts with sudo.
Credentials
The only sensitive items the skill needs (STANDX_JWT and optionally STANDX_PRIVATE_KEY) are appropriate for a trading CLI. However, registry summary at the top lists no required env/primary credential while the SKILL.md/openclaw metadata declare STANDX_JWT as primary — an inconsistency that could cause misconfiguration or surprise prompts. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and is user-invocable only. The install scripts require sudo to place the binary in /usr/local/bin (normal for CLI installs) but the skill itself does not demand elevated runtime privileges or permanent platform-level presence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install standx-cli
  3. After installation, invoke the skill by name or use /standx-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.5.0
**Summary:** standx-cli v0.5.0 introduces direct, scriptable install options and a reorganized structure for improved deployment and clarity. - Added direct GitHub-based install scripts for Linux and macOS in skill metadata (SKILL.md). - Expanded installation instructions in documentation to include direct download and manual methods. - Released an openclaw/ subdirectory for OpenClaw compatibility, along with a package.json. - Removed references to now-missing authentication, security, and homebrew docs; troubleshooting and examples remain. - Updated SKILL.md metadata: new install methods and a downgraded binary version in the description. - Removed/added various reference and meta files to match the new layout.
v0.4.8
Fix display name from 'Clawhub Publish' to 'StandX CLI'
v0.4.7
Add comprehensive security checklist and installation verification guide
v0.4.6
Add Homebrew security verification information and source metadata
v0.4.5
standx-cli v0.4.5 - Added new reference documentation files: API docs, authentication, examples, and troubleshooting. - Simplified and updated installation instructions; removed direct download/manual/script install steps from documentation and metadata. - Updated version references in documentation to v0.4.5. - Removed deprecated _meta.json file. - Enhanced organization and navigation in the documentation, with dedicated sections for reference links.
v0.4.4
standx-cli v0.4.4 - Updated binary installation commands to use standx-cli v0.4.4 for Linux and macOS. - Improved documentation and security guidance for authentication, recommending environment variables for storing credentials. - Added explicit credential requirements and environment variable descriptions in metadata. - Removed reference documentation files (API docs, examples, troubleshooting) from the repository. - New README.md and _meta.json files added for enhanced documentation and metadata structure.
v0.3.6
- Added new README.md, _meta.json, package.json, and openclaw integration files. - Updated authentication instructions to emphasize secure usage of environment variables and credential security best practices. - Improved metadata to specify primary and optional environment variable credentials for authentication. - Installation scripts and instructions updated to reference StandX CLI v0.3.5. - Reorganized and clarified manual install and credential management guidance.
v0.4.3
Simplify Option 3: Direct Download using install.sh script
v0.4.2
Update to v0.4.2 with Position model fixes
v0.4.1
Improved authentication documentation with detailed JWT Token and Private Key explanations
v0.4.0
Update to v0.4.0 with telemetry and UX improvements
v0.3.5
Update to v0.3.5 with improved install scripts
v0.3.4
Update to v0.3.4 with K-line fix and improved install scripts
v0.3.3
Update to v0.3.3 with latest features
v0.3.2
Initial release with market data, trading, and real-time streaming support
Metadata
Slug standx-cli
Version 0.5.0
License
All-time Installs 0
Active Installs 0
Total Versions 15
Frequently Asked Questions

What is Standx Cli?

Crypto trading CLI for StandX exchange v0.3.5. Use when users need to: (1) Query crypto market data (prices, order books, klines, funding rates), (2) Manage... It is an AI Agent Skill for Claude Code / OpenClaw, with 589 downloads so far.

How do I install Standx Cli?

Run "/install standx-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Standx Cli free?

Yes, Standx Cli is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Standx Cli support?

Standx Cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Standx Cli?

It is built and maintained by Lance (@wjllance); the current version is v0.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments