← 返回 Skills 市场
wjllance

Standx Cli

作者 Lance · GitHub ↗ · v0.5.0
cross-platform ⚠ suspicious
589
总下载
0
收藏
0
当前安装
15
版本数
在 OpenClaw 中安装
/install standx-cli
功能描述
Crypto trading CLI for StandX exchange v0.3.5. Use when users need to: (1) Query crypto market data (prices, order books, klines, funding rates), (2) Manage...
安全使用建议
This skill appears to be what it claims (a CLI for StandX), but check a few things before installing or providing credentials: - Verify the upstream repository and author: review https://github.com/wjllance/standx-cli (or the repo referenced) and confirm releases match the SHA sums in the release notes. Don't run curl|sudo blindly. - Note the version mismatch: many files/scripts reference v0.3.5 while the registry shows 0.5.0. Confirm you are installing the intended version. - Prefer Homebrew only if you trust the 'wjllance' tap. If unsure, clone the repo, inspect sources, and build locally or use a vetted distribution channel. - Treat STANDX_JWT and STANDX_PRIVATE_KEY as sensitive: use ephemeral tokens, keep them in restricted files (chmod 600) or environment variables in a session, and rotate tokens regularly. - Avoid passing credentials on the command line (the SKILL.md warns of this); use file-based or env-var authentication as recommended. - If you must run the installer script, inspect it first and verify the GitHub release tarball contents and digital signature (if provided). Consider installing the binary in a sandbox/container first to test behavior. If you want, I can: (1) help list steps to verify the GitHub release (checksums, tags), (2) show a safe checklist for installing third-party CLI binaries, or (3) fetch the repo metadata to compare versions if you provide the repo URL to inspect.
功能分析
Type: OpenClaw Skill Name: standx-cli Version: 0.5.0 The skill is classified as suspicious due to its installation methods, which involve downloading a binary from a remote GitHub release URL via `curl -L` and then moving it to `/usr/local/bin/` using `sudo mv`. While this is a common practice for installing CLI tools and the source (GitHub) is generally trusted, it represents a significant supply chain vulnerability and requires privilege escalation. There is no evidence of intentional malicious behavior, data exfiltration, prompt injection, or obfuscation. The documentation, particularly in `SKILL.md` and `references/troubleshooting.md`, provides good security advice regarding credential handling, warning against insecure storage methods. The 'suspicious' classification is based on the inherent risk of the powerful installation scripts, which could lead to RCE if the remote source were compromised, rather than any malicious intent within the skill itself.
能力评估
Purpose & Capability
The skill's name, description, and runtime instructions consistently describe a crypto trading CLI that requires the 'standx' binary and the StandX JWT/private key for trading — these requirements are coherent with the stated purpose. However, registry-level metadata at the top shows no primary credential while the SKILL.md and openclaw metadata declare STANDX_JWT as the primary credential; that's an internal inconsistency in declarations.
Instruction Scope
SKILL.md instructions stay within the expected scope: installing the 'standx' binary, using it to query market data and manage orders, and guidance for authenticating via environment variables, files, or interactive login. The instructions warn about credential hygiene and do not direct data to unexpected external endpoints beyond the documented StandX API/WebSocket endpoints.
Install Mechanism
Install options use Homebrew (wjllance tap) and curl of GitHub release tarballs, then sudo mv to /usr/local/bin. Downloading from GitHub releases is common and acceptable if the repository is trustworthy, but the Homebrew formula is from a user tap rather than an official repo and the scripts hardcode a specific v0.3.5 artifact while registry/version metadata references v0.5.0 — this version mismatch and reliance on a personal tap/release should be verified (checksums, repository ownership, release provenance) before running the install scripts with sudo.
Credentials
The only sensitive items the skill needs (STANDX_JWT and optionally STANDX_PRIVATE_KEY) are appropriate for a trading CLI. However, registry summary at the top lists no required env/primary credential while the SKILL.md/openclaw metadata declare STANDX_JWT as primary — an inconsistency that could cause misconfiguration or surprise prompts. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and is user-invocable only. The install scripts require sudo to place the binary in /usr/local/bin (normal for CLI installs) but the skill itself does not demand elevated runtime privileges or permanent platform-level presence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install standx-cli
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /standx-cli 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.5.0
**Summary:** standx-cli v0.5.0 introduces direct, scriptable install options and a reorganized structure for improved deployment and clarity. - Added direct GitHub-based install scripts for Linux and macOS in skill metadata (SKILL.md). - Expanded installation instructions in documentation to include direct download and manual methods. - Released an openclaw/ subdirectory for OpenClaw compatibility, along with a package.json. - Removed references to now-missing authentication, security, and homebrew docs; troubleshooting and examples remain. - Updated SKILL.md metadata: new install methods and a downgraded binary version in the description. - Removed/added various reference and meta files to match the new layout.
v0.4.8
Fix display name from 'Clawhub Publish' to 'StandX CLI'
v0.4.7
Add comprehensive security checklist and installation verification guide
v0.4.6
Add Homebrew security verification information and source metadata
v0.4.5
standx-cli v0.4.5 - Added new reference documentation files: API docs, authentication, examples, and troubleshooting. - Simplified and updated installation instructions; removed direct download/manual/script install steps from documentation and metadata. - Updated version references in documentation to v0.4.5. - Removed deprecated _meta.json file. - Enhanced organization and navigation in the documentation, with dedicated sections for reference links.
v0.4.4
standx-cli v0.4.4 - Updated binary installation commands to use standx-cli v0.4.4 for Linux and macOS. - Improved documentation and security guidance for authentication, recommending environment variables for storing credentials. - Added explicit credential requirements and environment variable descriptions in metadata. - Removed reference documentation files (API docs, examples, troubleshooting) from the repository. - New README.md and _meta.json files added for enhanced documentation and metadata structure.
v0.3.6
- Added new README.md, _meta.json, package.json, and openclaw integration files. - Updated authentication instructions to emphasize secure usage of environment variables and credential security best practices. - Improved metadata to specify primary and optional environment variable credentials for authentication. - Installation scripts and instructions updated to reference StandX CLI v0.3.5. - Reorganized and clarified manual install and credential management guidance.
v0.4.3
Simplify Option 3: Direct Download using install.sh script
v0.4.2
Update to v0.4.2 with Position model fixes
v0.4.1
Improved authentication documentation with detailed JWT Token and Private Key explanations
v0.4.0
Update to v0.4.0 with telemetry and UX improvements
v0.3.5
Update to v0.3.5 with improved install scripts
v0.3.4
Update to v0.3.4 with K-line fix and improved install scripts
v0.3.3
Update to v0.3.3 with latest features
v0.3.2
Initial release with market data, trading, and real-time streaming support
元数据
Slug standx-cli
版本 0.5.0
许可证
累计安装 0
当前安装数 0
历史版本数 15
常见问题

Standx Cli 是什么?

Crypto trading CLI for StandX exchange v0.3.5. Use when users need to: (1) Query crypto market data (prices, order books, klines, funding rates), (2) Manage... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 589 次。

如何安装 Standx Cli?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install standx-cli」即可一键安装,无需额外配置。

Standx Cli 是免费的吗?

是的,Standx Cli 完全免费(开源免费),可自由下载、安装和使用。

Standx Cli 支持哪些平台?

Standx Cli 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Standx Cli?

由 Lance(@wjllance)开发并维护,当前版本 v0.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论