← Back to Skills Marketplace
OpenMM Portfolio
by
Angelos Kappos
· GitHub ↗
· v0.1.1
366
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install openmm-portfolio
Description
Balance tracking, order overview, and market data across exchanges using OpenMM.
Usage Guidance
This skill appears to be the openmm CLI wrapper it claims to be, but there are a few red flags you should address before installing or providing secrets:
- Metadata inconsistency: the registry lists all four exchange API_KEY variables as required, but the instructions say you only need to configure at least one exchange. Do not assume you must supply every key — verify whether keys are truly required and why metadata requires them.
- Undeclared secrets: SKILL.md shows additional environment variables (SECRETS and BITGET_PASSPHRASE) that are not declared in metadata. Ask where and how these are used and stored, and whether they are optional.
- Inspect the npm package: the skill installs @3rd-eye-labs/openmm to provide the binary. Before installing, check the package source on the npm registry or its repository to ensure it does not exfiltrate credentials, persist them insecurely, or perform unexpected network calls.
- Use least-privilege keys: supply read-only API keys with limited permissions (no trading/withdraw) and consider using exchange sub-accounts or IP whitelisting while testing.
- Ask for clarification: request the skill author to (a) correct required.env to include any required SECRETS/PASSPHRASE or state they are optional, (b) document exactly where credentials are stored and how they are protected, and (c) provide a link to the npm package source/repo for review.
If you cannot validate these points, avoid providing live API secrets or install in a production environment.
Capability Analysis
Type: OpenClaw Skill
Name: openmm-portfolio
Version: 0.1.1
The skill bundle is classified as benign. Its stated purpose is portfolio management across crypto exchanges, which it achieves by leveraging the `openmm` binary. The `SKILL.md` explicitly limits `bash` execution to commands starting with `openmm:*`, preventing arbitrary shell commands. While it requires sensitive API keys and secrets, these are expected for its functionality and are instructed to be provided via environment variables, a standard practice. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts designed to subvert the agent's behavior for harmful purposes.
Capability Assessment
Purpose & Capability
The skill name/description and the declared required binary (openmm) and npm package (@3rd-eye-labs/openmm) align with a portfolio/market-data tool. However the registry metadata lists four required API_KEY environment variables (MEXC_API_KEY, GATEIO_API_KEY, BITGET_API_KEY, KRAKEN_API_KEY) while the SKILL.md says 'At least one exchange must be configured' — requiring all four keys in metadata is inconsistent with the stated requirement. This mismatch is unexplained and makes the declared requirements not proportional to the described purpose.
Instruction Scope
The runtime instructions are narrowly scoped to running the openmm CLI (balance, orders, ticker, orderbook, etc.), which is expected. But SKILL.md references additional environment variables that are not declared in metadata (e.g., MEXC_SECRET, MEXC_UID, GATEIO_SECRET, BITGET_SECRET, BITGET_PASSPHRASE, KRAKEN_SECRET) and says 'Credentials are set via environment variables and stored locally' without specifying where or how. The instructions therefore access/expect secrets beyond the declared required.env and leave vague storage behavior — both are red flags for credential handling and scope clarity.
Install Mechanism
Install is via an npm package (@3rd-eye-labs/openmm) that provides the openmm binary. This is a common, expected mechanism for providing a CLI. It's a moderate-risk install (third-party npm package); there is no direct download-from-URL or archive extract. You should verify the npm package's publisher, inspect its source, and confirm it does not perform unexpected network calls or write secrets to unexpected locations.
Credentials
Requesting exchange API keys is reasonable for a cross-exchange portfolio tool, but the metadata requires four API_KEY variables even though the instructions say only one exchange must be configured. Additionally, SKILL.md expects secrets and a passphrase for some exchanges but those are not declared in the required.env list. Requiring multiple unrelated credentials up-front (or declaring them as all required) is disproportionate and ambiguous; the skill also does not explain permission scope (read-only vs trading) or where credentials are stored.
Persistence & Privilege
The skill does not request always:true, does not list config paths, and does not claim to modify other skills or system-wide settings. Model invocation is allowed (default) which is normal for skills — this is not by itself a problem. The only persistence hint is SKILL.md's vague statement that credentials are "stored locally," which should be clarified before use.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openmm-portfolio - After installation, invoke the skill by name or use
/openmm-portfolio - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
openmm-portfolio 0.1.1
- Added a "Required Credentials" section with detailed environment variable instructions for each supported exchange.
- Clarified tips for usage, including asset symbol formats and minimum order requirements per exchange.
- Updated the tools table: added `get_orderbook`, `get_trades`, and `discover_pools` for portfolio management.
- Declared tool permissions (`Read`, `Glob`, `Grep`, `Bash(openmm:*)`) and license information in metadata.
- Added a new reference file: references/exchange-data.md.
v0.1.0
openmm-portfolio 0.1.0 – Initial release
- Introduces unified portfolio management tools for balances, orders, and market data across supported exchanges with OpenMM.
- Provides commands for viewing balances (all/specific assets), listing and filtering open orders, and checking real-time prices, order books, and trades.
- Enables price comparison across exchanges and aggregated Cardano token pricing from DEX/CEX pools.
- Documents integration with MCP server tools for comprehensive portfolio overview and trading strategy monitoring.
- Includes tips for safe and effective portfolio management.
Metadata
Frequently Asked Questions
What is OpenMM Portfolio?
Balance tracking, order overview, and market data across exchanges using OpenMM. It is an AI Agent Skill for Claude Code / OpenClaw, with 366 downloads so far.
How do I install OpenMM Portfolio?
Run "/install openmm-portfolio" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenMM Portfolio free?
Yes, OpenMM Portfolio is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenMM Portfolio support?
OpenMM Portfolio is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenMM Portfolio?
It is built and maintained by Angelos Kappos (@adacapo21); the current version is v0.1.1.
More Skills