← 返回 Skills 市场
112
总下载
0
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install trade-audit
功能描述
Mandatory audit gate for all trading and transfer decisions. Sends agent-prepared decision material to Apus deterministic inference on an NVIDIA H100 TEE and...
安全使用建议
This skill is broadly consistent with its description, but take these precautions before installing or using it:
- Review and fix the code bug: analyze.py contains an undefined name ('normal') in normalize_packet which will likely raise an exception; ask the author for a corrected release or patch before relying on it.
- Audit data sent to Apus: the script posts whatever is in the prepared bundle to https://hb.apus.network; ensure you never include private keys, wallet seeds, or any confidential PII in prepared bundles. The SKILL.md recommends stripping extraneous text, but that is a manual step — consider adding explicit sanitization or local vetting.
- Verify the Apus endpoint and attestation claims: confirm the endpoint, attestation format, and expected guarantees (hardware TEE attestation, integrity proofs) independently. Hard-coded endpoints are harder to rotate; you may prefer an environment-variable override so you can point to a test or internal endpoint.
- Be aware of local logs: runs append records to ~/.trade-audit/audit.jsonl which may contain sensitive decision material; decide whether to encrypt, rotate, or disable logging.
- Test in an isolated environment: run the script with non-sensitive sample bundles to see behavior and confirm output formatting and exit codes (gate mode) before integrating into any automated trading workflow.
If you want, I can: (1) point out exact lines to patch for the undefined-variable bug; (2) produce a hardened variant that prompts for explicit approval before sending bundles externally and optionally redacts sensitive fields; or (3) draft a short checklist for safe operational use (logging policy, bundle sanitization, endpoint verification).
功能分析
Type: OpenClaw Skill
Name: trade-audit
Version: 2.0.0
The trade-audit skill provides a hardware-attested audit gate for financial decisions by sending agent-prepared data to the Apus Network TEE inference API (apus.network). The implementation in analyze.py is transparent, using only standard libraries to process inputs, communicate with the specified endpoint, and maintain a local audit log in ~/.trade-audit/. No evidence of malicious intent, credential theft, or unauthorized execution was found; the skill's behavior is strictly aligned with its documented purpose of providing verifiable trade audits.
能力评估
Purpose & Capability
Name/description say it will accept agent-prepared decision material, send it to Apus deterministic inference, and return an attested verdict. The included analyze.py implements those behaviors (builds a normalized bundle, posts to an APUS endpoint, parses a JSON packet, and writes a local audit log). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md confines work to agent-prepared inputs and instructs the agent to fetch public data and distill it before calling analyze.py. The script itself posts the bundle to a remote Apus endpoint and appends a record to ~/.trade-audit/audit.jsonl. Two issues: (1) analyze.py contains at least one clear coding bug (in normalize_packet it sets norm['missing_information'] = normal, where 'normal' is undefined) which will likely cause crashes or exceptions at runtime; (2) the skill will transmit whatever the agent includes in the prepared bundle (addresses, amounts, possibly other sensitive details) to an external service by default — the SKILL.md warns to strip extraneous material but there is no technical safeguard to prevent leaking sensitive fields.
Install Mechanism
No install spec; the skill is instruction-plus-a-single-python script using only stdlib. Nothing is downloaded or written beyond the script and template files included in the bundle.
Credentials
The skill declares no required environment variables or credentials and the code uses hard-coded APUS_BASE_URL and MODEL_NAME. There is no request for unrelated credentials. However, because it posts bundle contents to an external endpoint, users must ensure they don't include secrets in prepared bundles.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It does create and append an audit log at ~/.trade-audit/audit.jsonl on each run; that persistent local storage could accumulate sensitive decision material and should be considered when deploying (encryption, rotation, or opt-out may be desirable).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install trade-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/trade-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Zero dependencies: replaced openai SDK with Python stdlib (urllib). No pip/uv/venv required — works on any system with python3.
v1.2.1
Remove post-install instruction — audit rule should come from user, not skill
v1.2.0
Add post-install instruction: agents must automatically audit all financial actions without asking
v1.1.0
Add public data sources (Polymarket, CoinGecko, Binance), no-wallet-required note, TEE attestation display requirement, bundle size guard
v1.0.0
Initial release: mandatory audit gate for trading & transfer decisions via Apus TEE. Features: --gate mode with semantic exit codes, --min-confidence threshold, local audit log, bundle size guard.
元数据
常见问题
Trade Audit 是什么?
Mandatory audit gate for all trading and transfer decisions. Sends agent-prepared decision material to Apus deterministic inference on an NVIDIA H100 TEE and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 112 次。
如何安装 Trade Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install trade-audit」即可一键安装,无需额外配置。
Trade Audit 是免费的吗?
是的,Trade Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Trade Audit 支持哪些平台?
Trade Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Trade Audit?
由 Alex(@alex-wuhu)开发并维护,当前版本 v2.0.0。
推荐 Skills