← 返回 Skills 市场

RiskState — Risk Governor for Crypto Trading Agents

Name: RiskState — Risk Governor for Crypto Trading Agents
Author: likidodefi

作者 Likido · GitHub ↗ · v1.2.2 · MIT-0

cross-platform ⚠ suspicious

154

总下载

当前安装

版本数

在 OpenClaw 中安装

/install riskstate

功能描述

Deterministic risk governance API for autonomous crypto trading agents. Returns position limits, allowed actions, and policy constraints from 30+ real-time s...

安全使用建议

What to check before installing or enabling this skill: - Verify the API host and ownership: SKILL.md points at https://riskstate.netlify.app for the API while the homepage is https://riskstate.ai. Confirm that riskstate.netlify.app is an intentional API host for RiskState (e.g., check the official website, GitHub repo, and maintainers) before sending an API key. - Provide a limited-scope key: use an "external"/read-only key (rs_live_ type) if possible, and avoid giving any owner/admin keys to the skill. Do not hardcode keys into source; use environment variables as recommended. - Correct the metadata gap: the registry metadata claims no required env vars, but SKILL.md requires RISKSTATE_API_KEY. Ask the publisher or registry to update the metadata so the platform can surface the prompt for the API key and label required permissions correctly. - Test with minimal data and monitoring: try one-off calls and verify network traffic (outbound destination, IPs, TLS certificate) and response shape before enabling the skill for autonomous use. Monitor API usage and rotate keys if anything looks unexpected. - Treat wallet parameter as sensitive: only supply wallet addresses when you intend on DeFi monitoring; the wallet parameter is relevant but it can expose on-chain linkage for that key. If the publisher provides a clarified package (metadata listing RISKSTATE_API_KEY) and an expected API host matching their official domain or a documented, trusted endpoint (and you can confirm the GitHub/org), this would reduce the concern. Conversely, unexpected hosts or requests for broader credentials would increase risk.

功能分析

Type: OpenClaw Skill Name: riskstate Version: 1.2.2 The RiskState skill bundle provides a deterministic risk governance API for crypto trading agents to manage position sizing and operational constraints. The documentation (SKILL.md, README.md, and docs/api-v1.md) is comprehensive and consistently describes a service that returns risk-related signals and policy levels based on market data. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection; the instructions provided to the agent are strictly focused on enforcing trading limits and safety protocols (e.g., aborting trades if structural blockers are detected). The API uses standard Bearer token authentication and communicates with a specified Netlify endpoint (https://riskstate.netlify.app).

能力评估

ℹ Purpose & Capability

The skill's name, README, docs, and SKILL.md consistently describe a risk-governor API for crypto trading agents — requiring a single API key and returning permissioning data. That capability legitimately needs an API endpoint and key. However, the registry metadata at the top lists "Required env vars: none" while the SKILL.md explicitly declares env: RISKSTATE_API_KEY and shows authentication via a Bearer token. This metadata mismatch is an incoherence (likely a packaging/metadata error) and should be corrected/confirmed.

✓ Instruction Scope

The runtime instructions are narrow and consistent with the stated purpose: POST JSON to https://riskstate.netlify.app/v1/risk-state with Authorization: Bearer $RISKSTATE_API_KEY. Optional wallet parameter is relevant to DeFi monitoring. The SKILL.md does not instruct the agent to read unrelated files, other credentials, or system secrets.

✓ Install Mechanism

This is an instruction-only skill (no install spec, no code files to execute). That is lower risk because nothing is written or executed locally by the skill itself.

ℹ Credentials

The service needs one credential (an API key) which is proportionate to its function. The concern is the registry metadata failing to list this required env var — users or the platform could miss prompting for the key or mis-handle permission scopes. Also note the docs reference an owner/admin key and external `rs_live_` keys; users should ensure they only supply external keys with limited scope.

✓ Persistence & Privilege

The skill does not request always:true and has no install-time persistence steps. It does not ask to modify other skills or system-wide settings in the provided materials.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install riskstate
安装完成后，直接呼叫该 Skill 的名称或使用 /riskstate 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.2

v1.2.2 — Remove owner/admin key references from agent-facing documentation. Simplified Security section to single key type (rs_live_* prefix) with single env var (RISKSTATE_API_KEY). Eliminates credential ambiguity flagged by OpenClaw scanner. Auth section now explicitly names key prefix and env var together.

v1.2.1

v1.2.1 — Standardize credential naming and metadata for marketplace trust scoring. Added env: RISKSTATE_API_KEY to frontmatter. All examples now use $RISKSTATE_API_KEY (was $TOKEN). Full API host in endpoint field. Aligned tags across npm, SKILL.md, and GitHub topics (16 keywords). Fixes OpenClaw scanner "Suspicious" flag.

v1.2.0

RiskState version 1.2.0 - Expanded skill tags for improved searchability and classification. - Added a new "Security" section to documentation, clarifying API host usage and key types. - Stated rate limits and authentication practices for API keys. - No changes to core functionality or API endpoints.

v1.1.1

- Improved documentation in SKILL.md with a clear overview of functionality, detailed usage instructions, and example requests/responses. - Clarified the scope: deterministic risk governor for crypto trading agents, returning position limits, allowed/blocked actions, and policy constraints based on 30+ real-time signals. - Provided explicit policy interpretation, field precedence, and agent behavior for degraded/failure modes. - Added details on authentication, supported assets (BTC, ETH), and polling recommendations. - Enhanced API response documentation, including minimal and detailed outputs for better integration guidance.

元数据

Slug riskstate

版本 1.2.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

RiskState — Risk Governor for Crypto Trading Agents 是什么？

Deterministic risk governance API for autonomous crypto trading agents. Returns position limits, allowed actions, and policy constraints from 30+ real-time s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 154 次。

如何安装 RiskState — Risk Governor for Crypto Trading Agents？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install riskstate」即可一键安装，无需额外配置。

RiskState — Risk Governor for Crypto Trading Agents 是免费的吗？

是的，RiskState — Risk Governor for Crypto Trading Agents 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

RiskState — Risk Governor for Crypto Trading Agents 支持哪些平台？

RiskState — Risk Governor for Crypto Trading Agents 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 RiskState — Risk Governor for Crypto Trading Agents？

由 Likido（@likidodefi）开发并维护，当前版本 v1.2.2。