技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 34 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:acwxpunh/binance-event-contract-risk
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The instructions describe an always-on Binance risk controller that clearly needs live account access and API credentials, but the skill declares no required credentials, binaries, or install artifacts — that mismatch is suspicious and should be resolved before trusting it with trading activity.
目的
The skill's stated purpose (monitoring balances, open positions, cumulative P&L, enforcing trade limits on BTCUSDT/ETHUSDT) inherently requires access to Binance account data and/or market data (API keys, account id, endpoints). However the skill declares no required environment variables or credentials. That omission is inconsistent: a risk manager operating on live accounts would legitimately need API credentials and access details.
说明范围
SKILL.md gives concrete rules, triggers, and checks (daily P&L, exposure across open positions, contract expiry warnings) but contains no concrete instructions for obtaining account state, market data, or where signals come from. It assumes continuous access to account and API responses without specifying endpoints, auth, or data sources — leaving the agent broad discretion and ambiguity about how data will be accessed or stored.
安装机制
This is an instruction-only skill with no install spec or code files. The only install hint is a user-level 'npx clawhub install ...' example in SKILL.md, which is benign documentation. No archives, downloads, or package installs are declared, so there is no installation-time code risk from the skill itself.
证书
No environment variables or primary credential are declared despite the skill needing Binance API access in practice. This is disproportionate: the skill should declare the exact credentials it requires (e.g., BINANCE_API_KEY, BINANCE_API_SECRET) and justify scopes (read-only vs trading). The omission raises the risk that an agent might attempt to use other available credentials implicitly or requires ad-hoc sharing of secrets.
持久
The skill is not always-enabled, is user-invocable, and does not declare any persistent system changes. It does allow autonomous invocation (platform default) but that alone is not unusual or flagged here.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Binance Event Contract Risk Manager」。简介:Continuously manages Binance BTCUSDT and ETHUSDT event contract risks by enforc…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/acwxpunh/binance-event-contract-risk/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。