← Back to Skills Marketplace
adacapo21

OpenMM

by Angelos Kappos · GitHub ↗ · v0.1.0
cross-platform ✓ Security Clean
343
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install openmm
Description
Open-source market making for AI agents. Multi-exchange trading, grid strategies, and real-time market data. CLI + MCP + Skills.
Usage Guidance
This package is coherent for trading use, but handle credentials and runtime installs carefully: - Only provide API keys with the minimum permissions required (read + trade; disable withdrawals). - Keep order-placing and strategy-starting tools disabled unless you explicitly allow them in your agent config; the plugin marks these as optional and documents allowlisting — follow that. - Prefer pinning package versions instead of using 'latest' to reduce supply-chain/upgrade risk. Audit the npm packages (@3rd-eye-labs/openmm, @qbtlabs/*) and their GitHub sources before installing. - Be cautious when running 'npx' (MCP server example) because npx downloads and executes package code at run time. Run it only in a trusted environment or after auditing the package. - Store API keys in a secure secrets store if possible, or ensure plugin-config storage is protected; never commit .env files or credentials to source control. - If you need higher assurance, review the upstream GitHub repositories and npm package contents (verify maintainers, inspect package code and release history) before installing on any production account or using real funds. If you want, I can list the exact places in the code and docs that handle credentials and the tool registration lines that perform CLI execs so you can review them in detail.
Capability Analysis
Type: OpenClaw Skill Name: openmm Version: 0.1.0 The OpenClaw AgentSkills skill bundle for OpenMM is designed for legitimate market making and trading activities. The `packages/plugins/openclaw-openmm/src/index.ts` plugin uses `node:child_process.execFile` to execute the `openmm` CLI, passing arguments as an array, which is a secure method against shell injection. Crucially, sensitive actions like `create_order` and `start_grid_strategy` are marked as `optional: true` and default to `dryRun: true`, requiring explicit user/admin approval. The `SKILL.md` and `CLAUDE.md` documentation consistently emphasizes strong safety practices, including dry-runs, user confirmation, checking balances, and explicitly disabling withdrawal permissions for API keys. API keys are handled securely via environment variables and marked as sensitive in plugin configurations. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection designed to subvert the agent's ethical guidelines or steal data.
Capability Assessment
Purpose & Capability
The name/description (multi-exchange market making, grid strategies, market data) matches the declared install (npm @3rd-eye-labs/openmm → openmm CLI) and the plugin/tooling. Required binary 'openmm' and the Node package dependency are coherent with the stated purpose. The code implements CLI calls and OpenClaw tools that match trading and market‑data functionality.
Instruction Scope
SKILL.md instructs installing the CLI, exporting exchange API keys to environment variables or plugin config, and running CLI commands or an MCP server. This is expected for a trading skill, but the docs also show running 'npx @qbtlabs/openmm-mcp' (which downloads and executes code at runtime) and examples that embed API keys in an MCP server config — both actions deserve caution because they execute remote packages or place credentials into processes that could be forwarded. The OpenClaw plugin registers both read-only tools and optional write tools (create/cancel orders, start/stop grids). Those write tools are marked optional and require allowlisting per the README, which is appropriate, but you must ensure they remain disabled unless explicitly allowed.
Install Mechanism
The install uses npm packages (@3rd-eye-labs/openmm and @qbtlabs/* plugins). npm installs are normal for this use case but carry supply‑chain risk (unlike a vetted OS package). The package.json uses 'latest' in dependencies (potentially mutable). The SKILL.md also suggests running 'npx' for an MCP server — npx fetches and runs a package on-demand which increases transient execution risk. No suspicious download URLs or extract-from-HTTP artifacts are present.
Credentials
Exchange API keys and a Bitget passphrase are the only sensitive secrets referenced, and they are proportionate to a trading skill. The top-level registry entry lists no required env vars, but subskills and plugin configs explicitly require exchange credentials — this is reasonable. The project warns to avoid withdrawal permissions and to not commit .env files, which aligns with least privilege practices. You should still use keys restricted to trading and read access only.
Persistence & Privilege
The skill does not request always:true or any elevated platform privileges. It registers an OpenClaw plugin that can persist configuration (plugin config holds API keys) which is normal for a plugin, and the optional trading tools require allowlisting. No evidence the skill attempts to modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openmm
  3. After installation, invoke the skill by name or use /openmm
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
OpenMM 0.1.0 — Initial Release - Launches open-source market making tools for AI agents with multi-exchange trading (MEXC, Gate.io, Kraken, Bitget) - Provides automated grid trading strategies and real-time market data - Includes CLI, MCP server mode, and library usage options - Supports real-time balances, tickers, orderbooks, trades, and comprehensive order management - Environment-based configuration for secure exchange credentials - Full open source release; MIT licensed and fully customizable
Metadata
Slug openmm
Version 0.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is OpenMM?

Open-source market making for AI agents. Multi-exchange trading, grid strategies, and real-time market data. CLI + MCP + Skills. It is an AI Agent Skill for Claude Code / OpenClaw, with 343 downloads so far.

How do I install OpenMM?

Run "/install openmm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenMM free?

Yes, OpenMM is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OpenMM support?

OpenMM is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenMM?

It is built and maintained by Angelos Kappos (@adacapo21); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments