← 返回 Skills 市场
shenmeng

DEX Arbitrage DEX套利

作者 shenmeng · GitHub ↗ · v2025.4.12 · MIT-0
cross-platform ⚠ suspicious
462
总下载
0
收藏
0
当前安装
38
版本数
在 OpenClaw 中安装
/install shenmeng-dex-arbitrage
功能描述
DEX搬砖套利助手。当用户需要寻找不同DEX间的价格差异、执行跨交易所套利、监控搬砖机会、计算套利收益或设计自动化搬砖策略时使用。支持跨DEX套利、跨链套利、三角套利、闪电贷套利、CEX-DEX套利等多种搬砖模式,涵盖以太坊、BSC、Arbitrum等多链生态。
安全使用建议
This skill contains real arbitrage code but also includes a built-in billing integration with a hardcoded API key and inconsistent metadata. Treat it as suspicious: do not run it with any sensitive credentials or deploy it in production. Before using/installing, ask the maintainer to: (1) remove the hardcoded BILLING_API_KEY and move secret keys to documented environment variables, (2) reconcile meta.json vs registry-required env vars, (3) provide the missing referenced files or fix SKILL.md, and (4) explain who controls the SkillPay account and how charges are handled. If you must test it, run it in an isolated sandbox with network egress restricted and no wallet/private keys present. Avoid entering personal/private keys or wallet secrets until these issues are resolved.
功能分析
Type: OpenClaw Skill Name: shenmeng-dex-arbitrage Version: 2025.4.12 The bundle implements a mandatory pay-per-use mechanism in `payment.py` that utilizes a hardcoded API key (`sk_f03aa8f8...`) to communicate with an external billing service (`skillpay.me`). The `SKILL.md` file contains instructions for the AI agent to enforce a 0.01 USDT fee per call, effectively creating a paywall for the skill's functionality. While the arbitrage calculators and flash loan generators in the `scripts/` directory appear functionally consistent with the stated purpose, the hardcoded credentials and the integration of an unverified third-party payment system represent significant security risks and potential for unauthorized monetization.
能力标签
cryptorequires-walletcan-make-purchasescan-sign-transactions
能力评估
Purpose & Capability
The skill’s code (price monitor, arbitrage calculator, flashloan generator) matches the DEX arbitrage purpose. However the package embeds a SkillPay billing integration (meta.json + payment.py + SKILL.md payment instructions). The registry metadata provided to the scanner lists no required env vars, but meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required — an inconsistency. Charging users can be legitimate for a paid skill, but the billing implementation (see hardcoded API key) is unexpected and needs justification.
Instruction Scope
SKILL.md instructs the agent to run/offer scripts and to use external services (Flashbots, private RPCs) which is appropriate for arbitrage. But the documentation references files that do not appear in the manifest (e.g., scripts/flashloan_arbitrage.sol, cross_chain_arbitrage.py), creating a mismatch. The runtime instructions also require performing network calls (payment endpoint, RPCs) and potentially deploying/using contracts — actions that require private keys and credentials that are not declared or scoped in the skill. That vagueness grants broad discretion and is a risk for accidental misuse.
Install Mechanism
This is instruction-plus-code with no install spec; nothing is downloaded or extracted at install time. That lowers the install-time risk surface. The included Python scripts will perform network calls at runtime, but there is no installer that pulls arbitrary remote code.
Credentials
There is a clear mismatch between declared required env vars (none) and the skill internals: meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required, and payment.py reads SKILLPAY_USER_ID from the environment. Worse: payment.py contains a long hardcoded BILLING_API_KEY string in plaintext. Embedding an API key in code is a significant security/operational risk (exfiltration, unauthorized charges, key compromise) and is disproportionate to the documented arbitrage functionality.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes. The agent can invoke the skill autonomously (platform default). Combined with the billing calls and network-enabled scripts, autonomous invocation increases blast radius, but autonomous invocation alone is normal and not flagged by itself.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install shenmeng-dex-arbitrage
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /shenmeng-dex-arbitrage 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2025.4.12
No changes detected for version 2025.4.12. - This release does not include any file modifications or user-facing updates. - All features and documentation remain the same as the previous version.
v1.0.1775943917
No changes detected in this version. - This version does not include any updates or modifications to the skill files.
v2026.4.12
No changes detected in this version. - No file changes were made between the previous and current version. - Functionality and documentation remain the same as before.
v7.0.0
No file changes detected for this version. Functionality and documentation remain the same. No updates required for users.
v2026.4.11-1245
No file changes detected for version 2026.4.11-1245. - No updates or modifications in this release. - All features, documentation, and functionality remain the same as in the previous version.
v2026.4.11
- No changes detected in the skill's code or documentation compared to the previous version. - Functionality, features, and usage remain the same as before.
v1.0.10
- No file changes detected; version number updated only. - All features, documentation, and skill descriptions remain the same as the previous version. - No impact to usage, compatibility, or user experience.
v6.0.0
No changes detected in files. This version does not introduce any updates or modifications.
v2025.4.10
No changes detected in this version. - No file changes or updates found compared to previous version. - Functionality, features, and documentation remain unchanged.
v2.0.1
- No changes detected in this version; content remains the same as the previous release. - All core features, usage instructions, and technical details are unchanged.
v2025.4.10-1
No changes detected in this version. - No file changes were made for version 2025.4.10-1. - Functionality and documentation remain unchanged from the previous release.
v2025.4.1
No changes detected in files for this version (2025.4.1). - No content or functionality updates were made. - Existing documentation and features remain unchanged.
v50.0.3
Version 50.0.3 - No file changes detected in this release. - No updates to core functionality, documentation, or features. - The skill’s structure, description, and capabilities remain unchanged from the previous version.
v50.0.1
No visible changes detected in this version. - No file or documentation changes between 50.0.0 and 50.0.1. - Functionality and user experience remain unchanged.
v1.1.1
No file changes detected for version 1.1.1. - This version does not introduce any changes to the skill files or documentation. - All features and content remain the same as the previous version.
v2025.1.0
No file changes detected for version 2025.1.0. - No changes were made in this version. - Previous content and functionality remain unchanged.
v99999.99.99
- No file changes detected in this version. - No updates or modifications made to the skill or its documentation. - Functionality, features, and descriptions remain unchanged from the previous version.
v2025.4.9
- No file changes detected in this version. - No updates or modifications were made to the skill contents, documentation, or code. - Functionality, usage, and features remain unchanged from the previous release.
v1000.0.0
- Initial release of the dex-arbitrage skill. - Helps users discover and execute arbitrage opportunities across different DEXs and blockchains. - Supports multiple arbitrage modes: cross-DEX, cross-chain, triangular, flash loan, and CEX-DEX. - Provides profit calculation, risk management, strategy guidance, and automation script templates. - Covers major ecosystems including Ethereum, BSC, Arbitrum, Optimism, and Polygon. - Integrated with SkillPay; each use requires 0.01 USDT via BNB Chain.
v100.0.0
No changes detected in this version. - No code or documentation updates were made for version 100.0.0. - Functionality and features remain the same as the previous release.
元数据
Slug shenmeng-dex-arbitrage
版本 2025.4.12
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 38
常见问题

DEX Arbitrage DEX套利 是什么?

DEX搬砖套利助手。当用户需要寻找不同DEX间的价格差异、执行跨交易所套利、监控搬砖机会、计算套利收益或设计自动化搬砖策略时使用。支持跨DEX套利、跨链套利、三角套利、闪电贷套利、CEX-DEX套利等多种搬砖模式,涵盖以太坊、BSC、Arbitrum等多链生态。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 462 次。

如何安装 DEX Arbitrage DEX套利?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install shenmeng-dex-arbitrage」即可一键安装,无需额外配置。

DEX Arbitrage DEX套利 是免费的吗?

是的,DEX Arbitrage DEX套利 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

DEX Arbitrage DEX套利 支持哪些平台?

DEX Arbitrage DEX套利 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 DEX Arbitrage DEX套利?

由 shenmeng(@shenmeng)开发并维护,当前版本 v2025.4.12。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论