← 返回 Skills 市场
TA Radar
作者
deanpeng-dotcom
· GitHub ↗
· v1.2.0
· MIT-0
72
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ta-radar
功能描述
Multi-Dimensional Technical Analysis Radar for cryptocurrencies. Supports spot trading pairs (Binance/Gate.io) and on-chain contract addresses (via DexScreen...
安全使用建议
This skill largely looks like what it says (a crypto TA tool), but there are three reasons to be cautious: (1) SKILL.md asks the agent to write and run a long embedded Python script — running code embedded in a skill is more powerful and riskier than just calling an API; (2) the metadata claims 'pip install -r requirements.txt' while the package claims zero-dependency and no requirements.txt is present — ask the maintainer to clarify or show the repository and requirements.txt before installing; (3) I could not inspect the entire embedded script (it was truncated here), so review the full script to ensure it doesn't call unexpected endpoints, exfiltrate data, or read local files. Recommended precautions: run the skill only in an isolated/sandboxed environment (or review the full embedded script first), verify the repository/source code on GitHub, and confirm there are no hidden endpoints or calls beyond the listed public APIs (Binance, Gate.io, DexScreener via allorigins.win). If you rely on it for real funds, consider running the script locally yourself after manual code review rather than allowing autonomous agent execution.
功能分析
Type: OpenClaw Skill
Name: ta-radar
Version: 1.2.0
The skill is classified as suspicious due to a shell injection vulnerability in the execution instructions within SKILL.md. The agent is instructed to execute a bash command where user-controlled parameters (TA_SYMBOL and TA_INTERVAL) are embedded directly into environment variable assignments (e.g., TA_SYMBOL="<SYMBOL>") without sanitization, which allows for arbitrary command execution on the host. While the embedded Python script itself appears to be a legitimate technical analysis tool fetching data from Binance and Gate.io, the insecure instruction template in SKILL.md poses a significant security risk.
能力标签
能力评估
Purpose & Capability
The name/description (TA Radar for crypto) align with the described data sources (Binance, Gate.io, DexScreener) and the indicators computed. However SKILL.md metadata lists an install command 'pip install -r requirements.txt' while README and the embedded script claim 'zero-dependency' pure-Python operation and no requirements.txt is present in the manifest — this inconsistency is unexplained.
Instruction Scope
The agent is instructed to write a full Python script to /tmp and execute it, then delete it. Running code supplied inside the SKILL.md is expected for instruction-only skills but is higher-risk than simple API calls because the embedded script can perform arbitrary I/O and network requests. From the visible parts the script fetches only the listed public endpoints (api.binance.info, api.gateio.ws, allorigins.win→DexScreener). I could not inspect the entire embedded script (it was truncated in the provided SKILL.md), so unknown behavior may exist. The instruction to return the script's full stdout unchanged may expose unexpected local details if the script prints them.
Install Mechanism
There is no separate install spec and no archived downloads; runtime network calls happen only during script execution. The presence of an install command in the SKILL.md metadata (pip install -r requirements.txt) conflicts with the 'zero-dependency' claim and with the manifest (no requirements.txt). No high-risk installer URLs or extracted archives are present.
Credentials
Declared environment variables are minimal and appropriate: TA_SYMBOL (required) and TA_INTERVAL (optional). The skill does not request secrets or credentials and the visible script only reads those vars. No evidence the skill asks for unrelated credentials or system config paths.
Persistence & Privilege
The skill is not set to always:true and does not request persistent system-level changes. It writes a temporary file to /tmp and deletes it; no installation of persistent daemons or modification of other skills is indicated.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ta-radar - 安装完成后,直接呼叫该 Skill 的名称或使用
/ta-radar触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
**Summary:**
Version 1.2.0 introduces major reliability and usability improvements.
- Gate.io added as an automatic fallback K-line price source if Binance is unavailable, ensuring uninterrupted access for all users.
- Beginner-friendly, plain-language explanations now included alongside each technical indicator in generated reports.
- Enhanced GFW/firewall compatibility for mainland China users via automatic API fallback and proxy use.
- No changes to usage or external dependencies—continues to be a zero-dependency Python skill.
元数据
常见问题
TA Radar 是什么?
Multi-Dimensional Technical Analysis Radar for cryptocurrencies. Supports spot trading pairs (Binance/Gate.io) and on-chain contract addresses (via DexScreen... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 72 次。
如何安装 TA Radar?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ta-radar」即可一键安装,无需额外配置。
TA Radar 是免费的吗?
是的,TA Radar 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
TA Radar 支持哪些平台?
TA Radar 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TA Radar?
由 deanpeng-dotcom(@deanpeng-dotcom)开发并维护,当前版本 v1.2.0。
推荐 Skills