← Back to Skills Marketplace
969
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install tbot-controller
Description
Operate TradingBoat/TBOT (TBOT runtime stack) via a controlled automation interface (DB-first queries; lifecycle control on explicit request).
Usage Guidance
This skill appears to do what it says: discover a local TBOT runtime, read DBs (read-only by default), manage services (docker/systemd) only after explicit confirmation, and generate/send TradingView-style webhook JSON. Before installing: 1) Review the included scripts yourself — they will search for and read .env and .keyfile in candidate runtime folders (these can contain broker/webhook secrets). 2) Understand that tbotjson.py will perform HTTP POSTs to the configured webhook URL (default localhost, but user-supplied values are allowed) — do not point it at unknown remote endpoints or supply secret keys you don't want transmitted. 3) Note that many environment variables are used by the scripts though not declared as 'required' in metadata; consider storing sensitive values securely and limit where .env/.keyfile live. 4) Test in a safe environment (local VM or dev machine) with RUN_IT unset to confirm read-only behavior; only set --run-it or RUN_IT=1 when you intentionally want mutating control. If you lack confidence, ask for the author's provenance or run the skill code in isolation first.
Capability Analysis
Type: OpenClaw Skill
Name: tbot-controller
Version: 1.0.0
The skill is designed to operate a TradingBoat/TBOT runtime stack, which inherently involves executing system commands (docker, systemctl), reading configuration files (.env, docker-compose.yml), accessing a SQLite database, and making network calls (webhooks, health checks). All these actions are explicitly described in SKILL.md and implemented with clear safety mechanisms. The code uses `subprocess.run` with lists of arguments to prevent shell injection, enforces read-only access for database operations, and requires explicit `--run-it` confirmation for state-changing actions. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, backdoor installation, or prompt injection designed to subvert the agent's safety protocols for malicious ends. The instructions in SKILL.md are designed to constrain the agent's behavior towards safety.
Capability Assessment
Purpose & Capability
The name/description align with the included files: discovery, DB-read helpers, lifecycle control (docker/systemd), and webhook JSON generation. The brew install of 'uv' and the bash entrypoint are consistent with running the packaged Python scripts. Generating and sending webhook JSON to TBOT is explicitly implemented in scripts/tbotjson.py and matches the declared 'json' mode.
Instruction Scope
SKILL.md requires OpenClaw to invoke only the provided bash entrypoint and to run discovery before control actions; the scripts follow that contract. However the runtime instructions and scripts perform filesystem discovery (search candidate runtime dirs, read .env and .keyfile), run subprocesses (docker, systemctl), read local SQLite DBs, and tbotjson.py will ALWAYS POST generated JSON to a webhook URL (which may be overridden). The SKILL.md states 'DB-first, discovery only for status/control' but tbotjson.py performs discovery to locate webhook keys — a minor inconsistency that expands the skill's read-surface. Overall the instructions are feature-coherent but grant broad discretion to read files and make network calls when used.
Install Mechanism
Installation uses a single brew formula 'uv' which is the documented runtime helper for this skill. Using Homebrew for a known package is low-to-moderate risk; nothing in the install spec downloads arbitrary archives or writes unexpected files. The skill expects the 'uv' binary to exist and will instruct users to 'brew install uv' if missing.
Credentials
The registry metadata lists no required env vars, but the SKILL.md and code reference and rely on many environment variables (MODE, COMPOSE_DIR, TBOT_COMPOSE_DIR, TBOT_WEBHOOK_URL, WEBHOOK_KEY, TVWB_UNIQUE_KEY, TBOT_DB_PATH / TBOT_DB_OFFICE, RUN_IT, SYSTEMD_USER, DEFAULT_*). The scripts will read .env and .keyfile files to obtain webhook keys and other runtime secrets. While these env/file accesses are explainable given the purpose, they are not declared in 'requires.env' and mean the skill can read local secret-bearing files and potentially transmit values to a webhook endpoint.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. It does run subprocesses and may start/stop services only with explicit confirmation (--run-it or RUN_IT=1). It doesn't modify other skills or system-wide agent settings. Autonomous invocation (disable-model-invocation=false) is normal platform behavior and not by itself a red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tbot-controller - After installation, invoke the skill by name or use
/tbot-controller - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of tbot-controller – an interface for controlling and querying TradingBoat/TBOT runtime stacks.
- Supports querying TBOT sqlite DB for alerts, orders, errors, and portfolio (DB-first).
- Allows starting/stopping TBOT runtime (docker compose or systemd) with explicit confirmation required for control actions.
- Provides on-demand health checks and recent log retrieval.
- Implements strong safety rules: defaults to read-only, requires --run-it or RUN_IT=1 for state-changing actions, refuses to print secrets.
- Probes and discovers runtime location; refusal if location or DB cannot be determined.
- Separates install/config of TBOT runtime; this skill operates only if runtime exists, otherwise read-only DB queries are available.
- Requires use of a bash entrypoint script and isolated Python environment (via uv).
Metadata
Frequently Asked Questions
What is TBOT Controller?
Operate TradingBoat/TBOT (TBOT runtime stack) via a controlled automation interface (DB-first queries; lifecycle control on explicit request). It is an AI Agent Skill for Claude Code / OpenClaw, with 969 downloads so far.
How do I install TBOT Controller?
Run "/install tbot-controller" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TBOT Controller free?
Yes, TBOT Controller is completely free (open-source). You can download, install and use it at no cost.
Which platforms does TBOT Controller support?
TBOT Controller is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TBOT Controller?
It is built and maintained by PlusGenie (@plusgenie); the current version is v1.0.0.
More Skills