← 返回 Skills 市场
590
总下载
1
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install trading-tournament
功能描述
Run autonomous multi-agent trading competitions on OKX. 5 AI agents compete with real-time market data, evolutionary selection replaces losers daily, exchang...
安全使用建议
Do not supply real API keys or run unknown scripts without review. The SKILL.md asks you to create .secrets/okx.env with OKX credentials and to copy/run code that is NOT included in the package (it even references a 'bybit-trading/' folder while claiming OKX). This mismatch and the undeclared credentials are suspicious. If you consider using it:
- Ask the publisher for the full source code and verify provenance before running anything.
- Review all code for where it reads/writes .secrets/okx.env, where it sends network traffic, and any code that restarts processes or manipulates system tasks.
- Use a demo OKX account with minimal permissions and no withdraw rights; rotate and limit keys (IP restrictions if available).
- Run in an isolated environment (container or VM) and inspect logs and network traffic first.
- Prefer immutable deployment (no automatic cron/Task installers) and avoid persisting secrets in plaintext on disk; use a secrets manager when possible.
- Clarify the bybit/OKX inconsistency and confirm that the 'bybit-trading/' reference is not a copy-paste error that hides other mismatches.
Given the missing files and undeclared sensitive requirements, treat this skill as untrusted until you can audit the code and confirm intent.
功能分析
Type: OpenClaw Skill
Name: trading-tournament
Version: 1.0.0
The `SKILL.md` file contains instructions that, if executed by an AI agent, would lead to high-risk system modifications and process management. Specifically, it instructs the agent to handle sensitive API keys, execute Node.js scripts, and critically, to set up a 'Guardian cron or Windows Task' to 'kill and restart' processes. While framed as a safety feature for uptime, this constitutes a significant prompt injection vulnerability, as it directs the agent to perform system-level persistence and process control, which could be abused for unauthorized execution or backdoor installation.
能力评估
Purpose & Capability
The skill's description is a trading tournament on OKX, which would legitimately need OKX API keys and a Node.js implementation. However, the registry metadata declares no required environment variables or code files, while the SKILL.md instructs creating .secrets/okx.env with OKX_API_KEY/SECRET/PASSPHRASE and copying a local folder 'bybit-trading/'. The 'bybit' folder name conflicts with the OKX target, which is an unexplained inconsistency. Expecting API credentials but declaring none in the registry is disproportionate and incoherent.
Instruction Scope
The runtime instructions tell the agent (or user) to copy a local folder, edit agents_config.json, create a .secrets/okx.env file with API credentials, and run `node competition_manager_okx.js`. Those files/scripts are not part of the packaged skill, so the instructions assume external code and secret storage. The SKILL.md also recommends a Guardian cron/Windows Task that kills/restarts processes and checks logs, which instructs actions that affect system services and secret files. These actions go beyond a simple informational skill and require access to local filesystem, process control, and sensitive credentials.
Install Mechanism
There is no install specification (instruction-only), which minimizes automatic installation risk. However, because the instructions rely on external Node.js scripts and a 'bybit-trading/' folder that are not provided, the skill in practice requires obtaining and running external code — the source and integrity of that code are unknown. The lack of an install mechanism combined with missing code is a red flag for manual code review before execution.
Credentials
The SKILL.md explicitly requires OKX_API_KEY, OKX_API_SECRET, and OKX_PASSPHRASE and instructs storing them in a .secrets file, but the registry declares no required env vars or primary credential. Requesting exchange API credentials is plausible for trading, but the undeclared nature plus instructions to persist secrets on disk (and to run restart scripts that may access them) is disproportionate without packaged code and provenance. The bybit/OKX naming mismatch further clouds whether those credentials are actually needed or being misdirected.
Persistence & Privilege
The skill does not set always:true, but it instructs installing a Guardian via cron/Windows Task to monitor and restart the competition manager, which creates ongoing background activity and process-control behavior on the host. That grants persistence and requires system privileges to manage processes/tasks; combined with secret storage and autonomous trading, this increases the potential impact if the code or operator is untrusted.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install trading-tournament - 安装完成后,直接呼叫该 Skill 的名称或使用
/trading-tournament触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Trading Tournament 是什么?
Run autonomous multi-agent trading competitions on OKX. 5 AI agents compete with real-time market data, evolutionary selection replaces losers daily, exchang... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 590 次。
如何安装 Trading Tournament?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install trading-tournament」即可一键安装,无需额外配置。
Trading Tournament 是免费的吗?
是的,Trading Tournament 完全免费(开源免费),可自由下载、安装和使用。
Trading Tournament 支持哪些平台?
Trading Tournament 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Trading Tournament?
由 peti0402(@peti0402)开发并维护,当前版本 v1.0.0。
推荐 Skills