OpenMM Portfolio
Author: Angelos Kappos · v0.1.1
Total downloads: 366
Favorites: 0
Current installs: 1
Versions: 2
Install in OpenClaw
/install openmm-portfolio
Description
Balance tracking, order overview, and market data across exchanges using OpenMM.
Security usage recommendations
This skill appears to be the openmm CLI wrapper it claims to be, but there are a few red flags you should address before installing or providing secrets:
- Metadata inconsistency: the registry lists all four exchange API_KEY variables as required, but the instructions say you only need to configure at least one exchange. Do not assume you must supply every key — verify whether keys are truly required and why metadata requires them.
- Undeclared secrets: SKILL.md shows additional environment variables (SECRETS and BITGET_PASSPHRASE) that are not declared in metadata. Ask where and how these are used and stored, and whether they are optional.
- Inspect the npm package: the skill installs @3rd-eye-labs/openmm to provide the binary. Before installing, check the package source on the npm registry or its repository to ensure it does not exfiltrate credentials, persist them insecurely, or perform unexpected network calls.
- Use least-privilege keys: supply read-only API keys with limited permissions (no trading/withdraw) and consider using exchange sub-accounts or IP whitelisting while testing.
- Ask for clarification: request the skill author to (a) correct required.env to include any required SECRETS/PASSPHRASE or state they are optional, (b) document exactly where credentials are stored and how they are protected, and (c) provide a link to the npm package source/repo for review.
If you cannot validate these points, avoid providing live API secrets or installing in a production environment.
Functional analysis
Type: OpenClaw Skill
Name: openmm-portfolio
Version: 0.1.1
The skill bundle is classified as benign. Its stated purpose is portfolio management across crypto exchanges, which it achieves by leveraging the `openmm` binary. The `SKILL.md` explicitly limits `bash` execution to commands starting with `openmm:*`, preventing arbitrary shell commands. While it requires sensitive API keys and secrets, these are expected for its functionality and are instructed to be provided via environment variables, a standard practice. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts designed to subvert the agent's behavior for harmful purposes.
Capability assessment
Purpose & Capability
The skill name/description and the declared required binary (openmm) and npm package (@3rd-eye-labs/openmm) align with a portfolio/market-data tool. However the registry metadata lists four required API_KEY environment variables (MEXC_API_KEY, GATEIO_API_KEY, BITGET_API_KEY, KRAKEN_API_KEY) while the SKILL.md says 'At least one exchange must be configured' — requiring all four keys in metadata is inconsistent with the stated requirement. This mismatch is unexplained and makes the declared requirements not proportional to the described purpose.
Instruction Scope
The runtime instructions are narrowly scoped to running the openmm CLI (balance, orders, ticker, orderbook, etc.), which is expected. But SKILL.md references additional environment variables that are not declared in metadata (e.g., MEXC_SECRET, MEXC_UID, GATEIO_SECRET, BITGET_SECRET, BITGET_PASSPHRASE, KRAKEN_SECRET) and says 'Credentials are set via environment variables and stored locally' without specifying where or how. The instructions therefore access/expect secrets beyond the declared required.env and leave vague storage behavior — both are red flags for credential handling and scope clarity.
Install Mechanism
Install is via an npm package (@3rd-eye-labs/openmm) that provides the openmm binary. This is a common, expected mechanism for providing a CLI. It's a moderate-risk install (third-party npm package); there is no direct download-from-URL or archive extract. You should verify the npm package's publisher, inspect its source, and confirm it does not perform unexpected network calls or write secrets to unexpected locations.
Credentials
Requesting exchange API keys is reasonable for a cross-exchange portfolio tool, but the metadata requires four API_KEY variables even though the instructions say only one exchange must be configured. Additionally, SKILL.md expects secrets and a passphrase for some exchanges but those are not declared in the required.env list. Requiring multiple unrelated credentials up-front (or declaring them as all required) is disproportionate and ambiguous; the skill also does not explain permission scope (read-only vs trading) or where credentials are stored.
Persistence & Privilege
The skill does not request always:true, does not list config paths, and does not claim to modify other skills or system-wide settings. Model invocation is allowed (default) which is normal for skills — this is not by itself a problem. The only persistence hint is SKILL.md's vague statement that credentials are "stored locally," which should be clarified before use.
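How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install openmm-portfolio
- Once installation completes, call the Skill by name or use /openmm-portfolio to trigger it.
- Provide the required inputs according to the Skill's parameter description to get structured output.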
Version history
v0.1.1
openmm-portfolio 0.1.1
- Added a "Required Credentials" section with detailed environment variable instructions for each supported exchange.
- Clarified tips for usage, including asset symbol formats and minimum order requirements per exchange.
- Updated the tools table: added `get_orderbook`, `get_trades`, and `discover_pools` for portfolio management.
- Declared tool permissions (`Read`, `Glob`, `Grep`, `Bash(openmm:*)`) and license information in metadata.
- Added a new reference file: references/exchange-data.md.
v0.1.0
openmm-portfolio 0.1.0 – Initial release
- Introduces unified portfolio management tools for balances, orders, and market data across supported exchanges with OpenMM.
- Provides commands for viewing balances (all/specific assets), listing and filtering open orders, and checking real-time prices, order books, and trades.
- Enables price comparison across exchanges and aggregated Cardano token pricing from DEX/CEX pools.
- Documents integration with MCP server tools for comprehensive portfolio overview and trading strategy monitoring.
- Includes tips for safe and effective portfolio management.
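FAQ
What is OpenMM Portfolio?
Balance tracking, order overview, and market data across exchanges using OpenMM. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 366 cumulative downloads to date.
How do I install OpenMM Portfolio?
Run the command "/install openmm-portfolio" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.
Is OpenMM Portfolio free?
Yes, OpenMM Portfolio is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does OpenMM Portfolio support?
OpenMM Portfolio runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed OpenMM Portfolio?
It is developed and maintained by Angelos Kappos (@adacapo21); the current version is v0.1.1.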