← Back to Skills Marketplace
900
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install trading-signals-ws
Description
Real-time crypto trading signal generator using WebSocket price feeds. Connects to Bybit (or any exchange) WebSocket, runs configurable strategies on live ca...
Usage Guidance
This skill appears to do what it claims: it connects to public exchange feeds, computes indicators, and posts alerts to Telegram. Before installing, (1) review config.py and do not put unrelated secrets into it; only provide TG_BOT_TOKEN and TG_CHAT_ID if you want alerts. (2) Run the bot as a dedicated, non-root user (do not deploy the example systemd unit with WorkingDirectory=/root), and run inside a virtualenv so dependencies are isolated. (3) Inspect the full signal_bot.py (especially any parts not visible in the truncated paste) to confirm it only contacts exchange public APIs and Telegram. (4) Be cautious about subscribing or sharing credentials with third-party services advertised in the README (tinyore.com) — they are separate from this code. (5) Keep your Telegram bot token private: anyone with it can send messages from your bot. If you plan to use exchange private endpoints later, only provide exchange API keys with minimal scopes and consider hardware isolation.
Capability Analysis
Type: OpenClaw Skill
Name: trading-signals-ws
Version: 1.3.0
The skill is classified as suspicious due to the inclusion of systemd deployment instructions in `SKILL.md` that establish persistence and suggest execution with elevated privileges (e.g., `WorkingDirectory=/root/signals`). While intended for legitimate deployment, this capability could be leveraged for malicious purposes if the agent or the script were compromised. Additionally, `SKILL.md` includes instructions for external network calls to `api.tinyore.com` for an optional service, and `scripts/signal_bot.py` uses `parse_mode='HTML'` for Telegram messages, which, while not directly exploitable here, is a general vulnerability pattern if message content were to become user-controlled.
Capability Assessment
Purpose & Capability
Name/description (WebSocket price feeds → strategies → Telegram alerts) match the included scripts and SKILL.md. The code subscribes to Bybit public feeds, computes indicators, and posts alerts to Telegram as described. No unrelated credentials, binaries, or services are requested.
Instruction Scope
Runtime instructions tell the agent to install websockets/ccxt/requests, copy/edit config.py, and run the provided script — all reasonable. SKILL.md also advertises a third-party hosted API (tinyore.com) and a Telegram contact; the code does not appear to call that API, but the marketing text could lead users to external services. The systemd example uses /root in WorkingDirectory, which is a poor default (see user guidance).
Install Mechanism
No packaged install spec; Quick Start uses pip to install standard libraries (websockets, ccxt, requests). No downloads from untrusted URLs or archive extraction. Code files are provided in the repo and nothing in the manifest suggests a high-risk install step.
Credentials
The only sensitive values the skill expects are TG_BOT_TOKEN and TG_CHAT_ID (used only to send Telegram messages). The included config template uses environment variables as an option but does not request unrelated credentials (no AWS, exchange private keys, or system secrets). ccxt is used for public OHLCV data without API keys.
Persistence & Privilege
The skill persists local state (signal_state.json) and writes logs (signal_bot.log) which is normal for a long-running bot. It does not request elevated platform privileges. However the provided systemd example writes a unit that runs the service under /root and would run as root if used as-is — users should run the service under a dedicated non-root user and secure the working directory.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install trading-signals-ws - After installation, invoke the skill by name or use
/trading-signals-ws - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Added HYPE and PEPE pairs, 4 strategies total
v1.2.0
Use api.tinyore.com domain with SSL
v1.1.0
Added hosted signal API with free/pro tiers
v1.0.0
Initial release: Real-time crypto trading signal generator with WebSocket support.
- Connects to Bybit (or other exchanges) WebSocket for live price feeds.
- Supports multiple trading pairs and individual strategies per symbol.
- Generates signals using configurable strategies (EMA, RSI, MACD, etc.).
- Sends formatted trading alerts to Telegram with entry, stop-loss, and take-profit details.
- Features auto-reconnect, persistent state, and protection against alert spam.
- Includes setup instructions, sample configuration, and deployment info.
Metadata
Frequently Asked Questions
What is Trading Signals Ws?
Real-time crypto trading signal generator using WebSocket price feeds. Connects to Bybit (or any exchange) WebSocket, runs configurable strategies on live ca... It is an AI Agent Skill for Claude Code / OpenClaw, with 900 downloads so far.
How do I install Trading Signals Ws?
Run "/install trading-signals-ws" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Trading Signals Ws free?
Yes, Trading Signals Ws is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Trading Signals Ws support?
Trading Signals Ws is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Trading Signals Ws?
It is built and maintained by SunnyZhou (@sunnyztj); the current version is v1.3.0.
More Skills