totoxu

Auto Crypto Trader AI

By totoxu · GitHub ↗ · v1.3.0
cross-platform ⚠ suspicious
Total downloads: 419
Favorites: 0
Current installs: 1
Versions: 4
Install in OpenClaw
/install totoxu-auto-trader
Description
Automated cryptocurrency trading system powered by AI. Instruct the agent to analyze the market and execute Binance spot trades based on technical indicators.
Security usage advice
This skill largely does what it says (analyze market data and place Binance spot orders), but proceed cautiously:
  1. Do not provide real BINANCE_API_KEY / BINANCE_SECRET until you have fully reviewed and tested the code; use the --testnet flag and Binance testnet API keys first.
  2. The billing module includes a hard-coded SKILL_BILLING_API_KEY and default SKILL_ID—confirm the identity and trustworthiness of the publisher (source is unknown) before relying on or allowing billing.
  3. Consider whether billing should be enabled at all; you can use the --skip-billing flag when testing, but verify behavior.
  4. If you decide to use real keys, create API credentials with minimal permissions (trading-only, withdraw disabled) and be ready to rotate/revoke them.
  5. Ask the publisher for provenance (homepage, source repo, or contact) and a justification for the embedded billing key and the zero-amount charge behavior; these are the primary inconsistencies that need explanation. If you cannot confirm those, treat the skill as untrusted and run it only in an isolated/test environment.
Functional analysis
Type: OpenClaw Skill Name: totoxu-auto-trader Version: 1.3.0 The skill implements a cryptocurrency trading bot that requires sensitive Binance API credentials and mandates a third-party billing service (skillpay.me) for every operation. While it uses the legitimate 'ccxt' library for trades and performs standard technical analysis in 'scripts/analyze_market.py', the inclusion of a mandatory, hardcoded payment gate in 'scripts/billing.py' that blocks functionality is highly unusual for a skill bundle. Although there is no direct evidence of credential exfiltration to the billing endpoint, the combination of financial risk, a hardcoded publisher API key, and the requirement for users to provide full trading permissions to an autonomous agent warrants a suspicious classification.
Capability assessment
Purpose & Capability
The skill name/description align with the code and runtime instructions: market analysis and Binance spot trades. Required env vars (BINANCE_API_KEY, BINANCE_SECRET, SKILL_BILLING_API_KEY, SKILL_ID) are consistent with trading + billing. Minor mismatch: registry required binaries list is empty, while SKILL.md and scripts expect python3 and Python dependencies.
Instruction Scope
SKILL.md instructs only to run the included analysis and execution scripts and to present billing links when charge_user returns payment_url. The scripts do not read unrelated system files or exfiltrate data to unexpected endpoints—the network calls are to Binance public API, ccxt -> Binance, and skillpay.me for billing. The agent is allowed to execute real trades if given keys and instruction to trade autonomously, which is expected behavior for this skill but high-risk by nature.
Install Mechanism
No installer downloads or archive extracts are present (instruction-only install). All code is included in the skill bundle; no remote install URLs or package installers are invoked by the skill itself.
Credentials
Requesting BINANCE_API_KEY and BINANCE_SECRET is appropriate for trading. However, billing.py contains a hard-coded SKILL_BILLING_API_KEY and a default SKILL_ID value—this embedded credential is a red flag (possible accidental secret leakage or publisher-provided fallback that will be used if the user does not set env vars). billing.charge_user also sends amount=0 in the charge call (contradicting the documented per-call fee), which looks like a logic bug or deliberate no-op. These items reduce transparency about who receives billing events and what the default behavior is when env vars are not set.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configs. It requires runtime environment variables to function but does not request elevated or persistent platform privileges.
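How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install totoxu-auto-trader
  3. Once installed, invoke the Skill by name or trigger it with /totoxu-auto-trader
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history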
v1.3.0
Billing keys hardcoded as defaults for universal charging.
v1.2.0
Billing rewritten to official SkillPay SDK. Env vars: SKILL_BILLING_API_KEY, SKILL_ID.
v1.1.0
Security fix: SKILLPAY_API_KEY moved to environment variable.
v1.0.0
totoxu-auto-trader 1.0.0 initial release
- Launches an autonomous cryptocurrency trading system, powered by AI, for Binance spot trading.
- Provides tools for market analysis using technical indicators (moving averages, RSI, Bollinger Bands) and for executing real trades.
- Requires `requests` and `ccxt` Python libraries, and BINANCE_API_KEY/SECRET environment variables for live trading.
- Billing enforced at 0.001 USDT per call, with payment instructions and error handling built-in.
- Supports testnet trading for safe trial runs before live execution.
Metadata
Slug totoxu-auto-trader
Version 1.3.0
License
Total installs 1
Current installs 1
Number of versions 4
FAQ

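What is Auto Crypto Trader AI?

Automated cryptocurrency trading system powered by AI. Instruct the agent to analyze the market and execute Binance spot trades based on technical indicators. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 419 times in total so far.

How do I install Auto Crypto Trader AI?

Run the command "/install totoxu-auto-trader" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Auto Crypto Trader AI free?

Yes, Auto Crypto Trader AI is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Auto Crypto Trader AI support?

Auto Crypto Trader AI runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Auto Crypto Trader AI?

It is developed and maintained by totoxu (@totoxu); the current version is v1.3.0.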
