DEX Arbitrage DEX套利

Name: DEX Arbitrage DEX套利
Author: shenmeng

Description

DEX搬砖套利助手。当用户需要寻找不同DEX间的价格差异、执行跨交易所套利、监控搬砖机会、计算套利收益或设计自动化搬砖策略时使用。支持跨DEX套利、跨链套利、三角套利、闪电贷套利、CEX-DEX套利等多种搬砖模式，涵盖以太坊、BSC、Arbitrum等多链生态。

Usage Guidance

This skill contains real arbitrage code but also includes a built-in billing integration with a hardcoded API key and inconsistent metadata. Treat it as suspicious: do not run it with any sensitive credentials or deploy it in production. Before using/installing, ask the maintainer to: (1) remove the hardcoded BILLING_API_KEY and move secret keys to documented environment variables, (2) reconcile meta.json vs registry-required env vars, (3) provide the missing referenced files or fix SKILL.md, and (4) explain who controls the SkillPay account and how charges are handled. If you must test it, run it in an isolated sandbox with network egress restricted and no wallet/private keys present. Avoid entering personal/private keys or wallet secrets until these issues are resolved.

Capability Analysis

Type: OpenClaw Skill Name: shenmeng-dex-arbitrage Version: 2025.4.12 The bundle implements a mandatory pay-per-use mechanism in `payment.py` that utilizes a hardcoded API key (`sk_f03aa8f8...`) to communicate with an external billing service (`skillpay.me`). The `SKILL.md` file contains instructions for the AI agent to enforce a 0.01 USDT fee per call, effectively creating a paywall for the skill's functionality. While the arbitrage calculators and flash loan generators in the `scripts/` directory appear functionally consistent with the stated purpose, the hardcoded credentials and the integration of an unverified third-party payment system represent significant security risks and potential for unauthorized monetization.

Capability Tags

cryptorequires-walletcan-make-purchasescan-sign-transactions

Capability Assessment

ℹ Purpose & Capability

The skill’s code (price monitor, arbitrage calculator, flashloan generator) matches the DEX arbitrage purpose. However the package embeds a SkillPay billing integration (meta.json + payment.py + SKILL.md payment instructions). The registry metadata provided to the scanner lists no required env vars, but meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required — an inconsistency. Charging users can be legitimate for a paid skill, but the billing implementation (see hardcoded API key) is unexpected and needs justification.

⚠ Instruction Scope

SKILL.md instructs the agent to run/offer scripts and to use external services (Flashbots, private RPCs) which is appropriate for arbitrage. But the documentation references files that do not appear in the manifest (e.g., scripts/flashloan_arbitrage.sol, cross_chain_arbitrage.py), creating a mismatch. The runtime instructions also require performing network calls (payment endpoint, RPCs) and potentially deploying/using contracts — actions that require private keys and credentials that are not declared or scoped in the skill. That vagueness grants broad discretion and is a risk for accidental misuse.

✓ Install Mechanism

This is instruction-plus-code with no install spec; nothing is downloaded or extracted at install time. That lowers the install-time risk surface. The included Python scripts will perform network calls at runtime, but there is no installer that pulls arbitrary remote code.

⚠ Credentials

There is a clear mismatch between declared required env vars (none) and the skill internals: meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required, and payment.py reads SKILLPAY_USER_ID from the environment. Worse: payment.py contains a long hardcoded BILLING_API_KEY string in plaintext. Embedding an API key in code is a significant security/operational risk (exfiltration, unauthorized charges, key compromise) and is disproportionate to the documented arbitrage functionality.

ℹ Persistence & Privilege

always is false and the skill does not request system-wide configuration changes. The agent can invoke the skill autonomously (platform default). Combined with the billing calls and network-enabled scripts, autonomous invocation increases blast radius, but autonomous invocation alone is normal and not flagged by itself.

Version History

v2025.4.12

No changes detected for version 2025.4.12. - This release does not include any file modifications or user-facing updates. - All features and documentation remain the same as the previous version.

v1.0.1775943917

No changes detected in this version. - This version does not include any updates or modifications to the skill files.

v2026.4.12

No changes detected in this version. - No file changes were made between the previous and current version. - Functionality and documentation remain the same as before.

v7.0.0

No file changes detected for this version. Functionality and documentation remain the same. No updates required for users.

v2026.4.11-1245

No file changes detected for version 2026.4.11-1245. - No updates or modifications in this release. - All features, documentation, and functionality remain the same as in the previous version.

v2026.4.11

- No changes detected in the skill's code or documentation compared to the previous version. - Functionality, features, and usage remain the same as before.

v1.0.10

- No file changes detected; version number updated only. - All features, documentation, and skill descriptions remain the same as the previous version. - No impact to usage, compatibility, or user experience.

v6.0.0

No changes detected in files. This version does not introduce any updates or modifications.

v2025.4.10

No changes detected in this version. - No file changes or updates found compared to previous version. - Functionality, features, and documentation remain unchanged.

v2.0.1

- No changes detected in this version; content remains the same as the previous release. - All core features, usage instructions, and technical details are unchanged.

v2025.4.10-1

No changes detected in this version. - No file changes were made for version 2025.4.10-1. - Functionality and documentation remain unchanged from the previous release.

v2025.4.1

No changes detected in files for this version (2025.4.1). - No content or functionality updates were made. - Existing documentation and features remain unchanged.

v50.0.3

Version 50.0.3 - No file changes detected in this release. - No updates to core functionality, documentation, or features. - The skill’s structure, description, and capabilities remain unchanged from the previous version.

v50.0.1

No visible changes detected in this version. - No file or documentation changes between 50.0.0 and 50.0.1. - Functionality and user experience remain unchanged.

v1.1.1

No file changes detected for version 1.1.1. - This version does not introduce any changes to the skill files or documentation. - All features and content remain the same as the previous version.

v2025.1.0

No file changes detected for version 2025.1.0. - No changes were made in this version. - Previous content and functionality remain unchanged.

v99999.99.99

- No file changes detected in this version. - No updates or modifications made to the skill or its documentation. - Functionality, features, and descriptions remain unchanged from the previous version.

v2025.4.9

- No file changes detected in this version. - No updates or modifications were made to the skill contents, documentation, or code. - Functionality, usage, and features remain unchanged from the previous release.

v1000.0.0

- Initial release of the dex-arbitrage skill. - Helps users discover and execute arbitrage opportunities across different DEXs and blockchains. - Supports multiple arbitrage modes: cross-DEX, cross-chain, triangular, flash loan, and CEX-DEX. - Provides profit calculation, risk management, strategy guidance, and automation script templates. - Covers major ecosystems including Ethereum, BSC, Arbitrum, Optimism, and Polygon. - Integrated with SkillPay; each use requires 0.01 USDT via BNB Chain.

v100.0.0

No changes detected in this version. - No code or documentation updates were made for version 100.0.0. - Functionality and features remain the same as the previous release.

Metadata

Slug shenmeng-dex-arbitrage

Version 2025.4.12

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 38

Frequently Asked Questions

What is DEX Arbitrage DEX套利?

DEX搬砖套利助手。当用户需要寻找不同DEX间的价格差异、执行跨交易所套利、监控搬砖机会、计算套利收益或设计自动化搬砖策略时使用。支持跨DEX套利、跨链套利、三角套利、闪电贷套利、CEX-DEX套利等多种搬砖模式，涵盖以太坊、BSC、Arbitrum等多链生态。 It is an AI Agent Skill for Claude Code / OpenClaw, with 462 downloads so far.

How do I install DEX Arbitrage DEX套利?

Run "/install shenmeng-dex-arbitrage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is DEX Arbitrage DEX套利 free?

Yes, DEX Arbitrage DEX套利 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does DEX Arbitrage DEX套利 support?

DEX Arbitrage DEX套利 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created DEX Arbitrage DEX套利?

It is built and maintained by shenmeng (@shenmeng); the current version is v2025.4.12.

More Skills

What is DEX Arbitrage DEX套利?

How do I install DEX Arbitrage DEX套利?

Is DEX Arbitrage DEX套利 free?

Which platforms does DEX Arbitrage DEX套利 support?

Who created DEX Arbitrage DEX套利?

💬 Comments