功能描述

Use this skill when the user asks to manage Binance assets, check account security, scan for arbitrage opportunities, or perform automated dust sweeps. Comma...

使用说明 (SKILL.md)

AegisClaw - 金甲龙虾 (Binance Security & Profit Guardian)

Name: AegisClaw - 金甲龙虾
Author: hyy2099

🦞 A defensive AI agent based on the principle of least privilege and Binance sub-account ecosystem, focusing on low-risk automated asset management and arbitrage.

When to Use This Skill

Use this skill when the user asks to:

Check Binance account security status
Scan for idle assets and dust
Monitor funding rate arbitrage opportunities
Perform dust sweeps (convert small balances to BNB)
Generate weekly profit reports
Initialize or configure Binance API connection

Commands

Command	Description	Example
`init \x3Capi_key> \x3Capi_secret>`	Initialize plugin with Binance API credentials	`/aegisclaw init key secret`
`check`	Run security fence check	`/aegisclaw check`
`scan`	Scan idle assets and dust	`/aegisclaw scan`
`arbitrage`	Scan funding rate arbitrage opportunities	`/aegisclaw arbitrage`
`dust [assets]`	Execute dust sweep (convert small balances)	`/aegisclaw dust`
`report`	Generate weekly profit report	`/aegisclaw report`
`status`	View current status	`/aegisclaw status`
`help`	Display help information	`/aegisclaw help`

Required Environment Variables

The skill requires the following environment variables (set via .env file or system environment):

BINANCE_API_KEY - Binance API Key (required)
BINANCE_API_SECRET - Binance API Secret (required)
BINANCE_TESTNET - Whether to use testnet (optional, default: false)

Key Features

🛡️ Security Fence

Sub-account sandbox isolation - Recommended to use independent sub-accounts
API permission self-check - Automatically detect and warn of dangerous permission configurations
Operation firewall - Slippage limits, trading frequency control

💰 Profit Engine

Launchpool/Megadrop monitoring - Intelligent scan for new mining opportunities
Automatic dust conversion - Automatically convert small assets to BNB (Dust Sweeper)
Funding rate arbitrage - Risk-free arbitrage between spot and futures

📊 Data Statistics

Balance snapshot recording - Automatically save daily asset snapshots
Trade history tracking - SQLite database persistence
Weekly profit reports - One-click generate and share profit reports

Security Recommendations

Use Sub-accounts: Create a sub-account with only 500-1000 USDT for operations. Do not use main accounts.
Limit API Permissions:
- ✅ Enable: Spot Trading (SPOT)
- ❌ Disable: Withdrawals (WITHDRAW)
- ❌ Disable: Futures Trading (FUTURES)
Bind IP Whitelist: Restrict API to access from specific IPs only. Regularly check IP whitelist.
Control Fund Scale: Sub-account funds recommended within 1000 USDT. Use idle funds that won't affect daily life.

Usage Flow

Initial Setup

Initialize with API credentials: /aegisclaw init \x3Capi_key> \x3Capi_secret>
Run security check: /aegisclaw check
Verify account type and permissions

Daily Operations

Scan assets: /aegisclaw scan
Check arbitrage opportunities: /aegisclaw arbitrage
Execute dust sweep if needed: /aegisclaw dust

Weekly Review

Generate weekly report: /aegisclaw report
Review profit/loss and asset distribution

Error Handling

Invalid API credentials: The skill will report initialization failure and prompt to check API key and secret
Permission denied: If API lacks required permissions, the skill will warn and suggest adjusting settings
Rate limit exceeded: The skill will notify you to retry later
Network error: The skill will attempt one retry before asking user to try again later

Integration Notes

This skill integrates with OpenClaw through the plugin interface in openclaw_plugin/plugin.py. It can be called via:

Direct commands in chat interfaces
Scheduled tasks via cron jobs
Automated workflows with other skills

Key Safety Points

Never share or expose API keys or secrets in logs or user-facing messages
Always validate permissions before executing trading operations
Use sub-accounts with limited funds for safety
Monitor account balance regularly and set reasonable limits
This skill is designed for low-risk operations - avoid high-risk trading strategies

Repository & Support

GitHub: https://github.com/hyy2099/aegisclaw
License: MIT
Author: hyy2099

🦞 AegisClaw - Your Binance risk-free profit guardian and asset protector

安全使用建议

Do not install or provide real Binance API keys until you verify the source repository and review the code (especially openclaw_plugin/plugin.py and install.py). Specific actions: - Confirm the plugin's canonical repository (the SKILL.md points to https://github.com/hyy2099/aegisclaw). Inspect that upstream repo and commit history. - Review openclaw_plugin/plugin.py and main.py to see how credentials are stored/transmitted and whether any external endpoints beyond Binance/Telegram are contacted. - Only create a Binance sub-account with minimal funds and generate an API key with trading (SPOT) enabled and WITHDRAW disabled; bind key to IP whitelist if possible. - Look for undeclared env vars (TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID, HTTPS_PROXY) and decide whether you want notification features; ensure they are set only if you trust the code. - If you lack the expertise to audit the code, run the skill in an isolated environment (isolated VM/container) and use testnet keys first (set BINANCE_TESTNET=true) to observe behavior before providing real credentials. - Prefer to avoid giving full keys until you confirm that the skill does not exfiltrate data or call unknown endpoints; check network activity during a test run. These inconsistencies (missing declared env vars and install claims) are not proof of malice but are reason to pause and verify before giving it access to your funds.

功能分析

Type: OpenClaw Skill Name: aegisclaw Version: 1.0.0 AegisClaw is a Binance asset management and arbitrage tool designed to automate low-risk operations like dust conversion and funding rate monitoring. The code follows standard security practices for financial bots, including HMAC-SHA256 request signing in core/api_client.py and a dedicated security module (core/security_checker.py) that warns users if dangerous API permissions (e.g., withdrawals) are enabled. No evidence of data exfiltration, obfuscation, or malicious prompt injection was found; the tool's behavior aligns strictly with its stated purpose of defensive asset management.

能力评估

⚠ Purpose & Capability

The skill's name/description and code implement Binance account management, arbitrage scanning, dust sweeps and reporting — that capability reasonably requires BINANCE_API_KEY and BINANCE_API_SECRET. However the registry metadata at the top lists no required environment variables or primary credential, which contradicts the SKILL.md and code. The project also contains setup.py, requirements.txt and multiple Python modules (not an instruction-only bundle), so the 'instruction-only'/install claim is inconsistent with the actual package contents.

⚠ Instruction Scope

SKILL.md explicitly requires Binance API credentials and lists commands (init, scan, dust, arbitrage, etc.) which align with code. But SKILL.md and the registry disagree (registry omitted required env vars). The instructions mention scheduled tasks and automated workflows — combined with code that can place orders (new_order, dust_transfer) this grants the plugin broad ability to interact with user accounts. The SKILL.md does not mention some environment/config values the code reads (e.g., Telegram bot token, HTTPS_PROXY), which is a scope discrepancy.

⚠ Install Mechanism

The manifest says 'No install spec — instruction-only', yet the package contains many code files, setup.py and requirements.txt, implying it is intended to be installed/run. There is no explicit install URL or packaged release, and the clawhub/CLAWHUB instructions reference publishing. This mismatch (claimed instruction-only vs actual code) is an integrity/packaging concern you should resolve by verifying the source repository.

⚠ Credentials

SKILL.md and config.py require BINANCE_API_KEY and BINANCE_API_SECRET (expected for Binance operations). However: (1) the registry metadata omitted these required env vars, (2) config.py also reads TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID though SKILL.md doesn't document them, and (3) the API client will honor HTTPS_PROXY/HTTP_PROXY environment variables. Requiring API keys for trading is expected, but any undeclared tokens or network/proxy behavior should be made explicit before trusting keys. Ensure withdraw privilege is disabled and permissions are limited to SPOT/trade only.

ℹ Persistence & Privilege

always:false (no forced global inclusion). The skill persists data locally in an SQLite DB (db/aegisclaw.db) and logs operations — this is expected for reports/auditing. The plugin can be invoked autonomously (platform default); combined with trading capabilities this increases blast radius if misused, but autonomous invocation alone is not a disqualifier. There's no evidence the skill attempts to modify other skills or system-wide configs.

版本历史

v1.0.0

Initial release - 币安安全赚币与护境神将

元数据

Slug aegisclaw

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

AegisClaw - 金甲龙虾是什么？

Use this skill when the user asks to manage Binance assets, check account security, scan for arbitrage opportunities, or perform automated dust sweeps. Comma... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 252 次。

如何安装 AegisClaw - 金甲龙虾？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install aegisclaw」即可一键安装，无需额外配置。

AegisClaw - 金甲龙虾是免费的吗？

是的，AegisClaw - 金甲龙虾完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

AegisClaw - 金甲龙虾支持哪些平台？

AegisClaw - 金甲龙虾跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 AegisClaw - 金甲龙虾？

由 hyy2099（@hyy2099）开发并维护，当前版本 v1.0.0。

AegisClaw - 金甲龙虾