← 返回 Skills 市场
Apex
作者
TobeyRebecca
· GitHub ↗
· v1.0.0
· MIT-0
77
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install toby-apex
功能描述
Trade and monitor ApeX perpetual futures. Check balances, view positions with P&L, place/cancel orders, execute market trades, or submit trade reward enrollm...
安全使用建议
This skill is functionally a trading client and needs full ApeX API credentials plus an Omni seed (used as a signing key). Before installing or running it: 1) Do not upload your real Omni seed or full-permission API keys to unknown services; keep them local. 2) Verify the source of the apexomni-connector-node package (check its repository/release page) — it is an alpha version in package.json and could be unreviewed. 3) Use API keys with restricted permissions (no withdrawal) and test first on testnet (APEX_TESTNET=1). 4) Inspect the connector package and skill code yourself (or have someone audit it) before running npm install. 5) Be aware the skill will write a trading-state.json file in the skill directory containing positions and account size; if that is sensitive, run in a sandboxed environment. 6) Because registry metadata does not declare the required env vars, expect manual configuration and treat that omission as a red flag — confirm credential handling and storage policies before trusting the skill to execute trades.
功能分析
Type: OpenClaw Skill
Name: toby-apex
Version: 1.0.0
The skill bundle provides legitimate trading and portfolio management functionality for the ApeX perpetual futures exchange. It utilizes the 'apexomni-connector-node' SDK to perform public market data lookups and private trading operations. Sensitive credentials, including the ApeX API keys and the Omni seed, are handled via environment variables and kept local to the execution environment as per the documentation in SKILL.md. While the skill includes a default reward enrollment ID (300001) triggered by specific user phrases, this appears to be a standard affiliate or contest enrollment mechanism rather than a malicious exploit. No evidence of data exfiltration, unauthorized remote execution, or harmful prompt injection was found across the analyzed files (apex.mjs, check-positions.mjs, and SKILL.md).
能力标签
能力评估
Purpose & Capability
Name/description and the included scripts (apex.mjs, analyze-market.mjs, etc.) are coherent with an ApeX trading/monitoring skill. However the package requires API keys and an Omni seed for private operations while the registry metadata lists no required environment variables — an inconsistency that may confuse users and lead them to unknowingly supply sensitive secrets.
Instruction Scope
SKILL.md clearly limits runtime actions to market data queries, account queries, and order operations via the Apex SDK and CoinGecko. It instructs interactive confirmations before trade execution and explicitly warns not to share the Omni seed. The scripts read/write a local trading-state.json inside the skill and call only the listed APIs; there are no obvious commands that read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
There is no formal install spec, but SKILL.md instructs users to run npm install in the scripts folder. That will pull multiple npm packages including an 'apexomni-connector-node' package at version 0.3.2-alpha.1 (an alpha release). Installing packages from npm (especially an alpha/unreviewed connector) increases risk compared to an instruction-only skill — review the connector package source before installing.
Credentials
The runtime requires highly sensitive secrets (APEX_API_KEY, APEX_API_SECRET, APEX_API_PASSPHRASE, APEX_OMNI_SEED). Those are appropriate for trading functionality, but the registry metadata does not declare them (required env vars: none, primary credential: none). The omission is a significant transparency problem: users may not realize they must provide private keys/seeds when enabling the skill.
Persistence & Privilege
The skill does not request elevated platform privileges or always: true. It writes a local trading-state.json (in the skill folder) to persist last checks and positions — normal for a trading helper but worth noting because it stores account and position data locally. Autonomous invocation is allowed by default (disable-model-invocation: false), which combined with access to live trading credentials increases risk if the endpoint is misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install toby-apex - 安装完成后,直接呼叫该 Skill 的名称或使用
/toby-apex触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Apex 是什么?
Trade and monitor ApeX perpetual futures. Check balances, view positions with P&L, place/cancel orders, execute market trades, or submit trade reward enrollm... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 77 次。
如何安装 Apex?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install toby-apex」即可一键安装,无需额外配置。
Apex 是免费的吗?
是的,Apex 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Apex 支持哪些平台?
Apex 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Apex?
由 TobeyRebecca(@tobeyrebecca)开发并维护,当前版本 v1.0.0。
推荐 Skills