技能详情(站内镜像,无评论)
作者:Angelos Kappos @adacapo21
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 265 · 1 current installs · 1 all-time installs
⭐ 0
安装量(当前) 1
🛡 VirusTotal :可疑 · OpenClaw :良性
Package:adacapo21/openmm-exchange-setup
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :良性
OpenClaw 评估
The skill's instructions and requirements are coherent with its stated purpose (configuring exchange API credentials for OpenMM), but it relies on an npm package you should verify and gives examples that could encourage unsafe secret storage.
目的
Name/description (OpenMM exchange setup) aligns with required binary 'openmm' and the npm install of @3rd-eye-labs/openmm which provides that binary. Required env vars and CLI commands in SKILL.md are appropriate for configuring exchange API keys.
说明范围
The SKILL.md stays within the setup/troubleshooting scope (creating keys, exporting env vars, testing balance/ticker calls). However, it includes an example that embeds API keys directly in an MCP client JSON (risk of accidental commit/exposure) and recommends running system commands like 'sudo ntpdate' (a privileged action) without guidance on safer alternatives. The instructions do not request unrelated files or credentials.
安装机制
Install uses an npm scoped package (@3rd-eye-labs/openmm) that creates an 'openmm' binary. npm installs are a common, traceable choice but carry moderate risk because package contents and publisher trust matter; there are no code files in the skill to review and no authoritative upstream URL provided in metadata.
证书
The environment variables the skill asks you to set are exactly the exchange API keys/passphrases needed for the supported exchanges. That is proportionate. Caution: the skill's examples show placing secrets in a JSON config, which increases risk of leakage if the file is committed or shared.
持久
Skill does not request elevated privileges, does not set always:true, and asks for no system config paths. No persistent or privileged system changes are requested in the instructions.
综合结论
This skill is coherent for configuring OpenMM exchange credentials, but take these precautions before installing or using it: 1) Verify the npm package publisher and inspect the package (or its repository) before installing globally; do not blindly trust a scoped package without checking its source. 2) Prefer storing keys in a secure secret manager or environment variables rather than embedding them in JSON config files; never commit files con…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「OpenMM Exchange Setup」。简介:Step-by-step guide to configure exchange API credentials for OpenMM.。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adacapo21/openmm-exchange-setup/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: openmm-exchange-setup
version: 0.1.0
description: "Step-by-step guide to configure exchange API credentials for OpenMM."
tags: [openmm, setup, exchanges, configuration]
metadata:
openclaw:
emoji: "🔑"
requires:
bins: [openmm]
install:
- kind: node
package: "@3rd-eye-labs/openmm"
bins: [openmm]
---
# OpenMM Exchange Setup
Interactive guide for configuring exchange API credentials in OpenMM.
## When to Use
Use this skill when:
- Setting up OpenMM for the first time
- Adding a new exchange
- Troubleshooting connection issues
## Supported Exchanges
| Exchange | Min Order | Credentials Required |
|----------|-----------|---------------------|
| MEXC | 1 USDT | API key + Secret |
| Gate.io | 1 USDT | API key + Secret |
| Bitget | 1 USDT | API key + Secret + Passphrase |
| Kraken | 5 EUR/USD | API key + Secret |
## Setup Workflow
### Step 1: Create API Keys
Guide user to the exchange's API management page:
```
MEXC: https://www.mexc.com/ucenter/api
Gate.io: https://www.gate.io/myaccount/apikeys
Kraken: https://www.kraken.com/u/security/api
Bitget: https://www.bitget.com/account/newapi
```
### Step 2: Configure Permissions
Required permissions for each exchange:
**MEXC:**
- Enable Spot Trading
- Enable Reading
- Disable Withdrawals (safety)
- IP whitelist recommended
**Gate.io:**
- Spot Trade
- Spot Read
- No Withdraw permission
- IP whitelist recommended
**Kraken:**
- Query Funds
- Query Open Orders & Trades
- Create & Modify Orders
- No Withdraw permission
**Bitget:**
- Trade
- Read Only
- No Transfer permission
- Note the Passphrase — it is set when creating the API key
### Step 3: Set Environment Variables
OpenMM uses environment variables for credentials. Add them to your `.env` file or export in your shell:
```bash
# MEXC
export MEXC_API_KEY="your_mexc_api_key"
export MEXC_SECRET="your_mexc_secret_key"
# Gate.io
export GATEIO_API_KEY="your_gateio_api_key"
export GATEIO_SECRET="your_gateio_secret_key"
# Bitget (requires passphrase)
export BITGET_API_KEY="your_bitget_api_key"
export BITGET_SECRET="your_bitget_secret_key"
export BITGET_PASSPHRASE="your_bitget_passphrase"
# Kraken
export KRAKEN_API_KEY="your_kraken_api_key"
export KRAKEN_SECRET="your_kraken_secret_key"
```
Or create a `.env` file in the project root:
```env
MEXC_API_KEY=your_mexc_api_key
MEXC_SECRET=your_mexc_secret_key
GATEIO_API_KEY=your_gateio_api_key
GATEIO_SECRET=your_gateio_secret_key
BITGET_API_KEY=your_bitget_api_key
BITGET_SECRET=your_bitget_secret_key
BITGET_PASSPHRASE=your_bitget_passphrase
KRAKEN_API_KEY=your_kraken_api_key
KRAKEN_SECRET=your_kraken_secret_key
```
### Step 4: Verify Connection
Test that credentials work by checking balances:
```bash
# MEXC
openmm balance --exchange mexc
# Gate.io
openmm balance --exchange gateio
# Bitget
openmm balance --exchange bitget
# Kraken
openmm balance --exchange kraken
```
### Step 5: Test Market Data
Confirm market data access:
```bash
openmm ticker --exchange mexc --symbol BTC/USDT
openmm orderbook --exchange kraken --symbol ADA/EUR --limit 5
```
## MCP Server Setup
To use OpenMM as an MCP server, add to your MCP client config:
```json
{
"mcpServers": {
"openmm": {
"command": "npx",
"args": ["@qbtlabs/openmm-mcp"],
"env": {
"MEXC_API_KEY": "your_key",
"MEXC_SECRET": "your_secret",
"KRAKEN_API_KEY": "your_key",
"KRAKEN_SECRET": "your_secret"
}
}
}
}
```
Only include env vars for exchanges you want to use.
## Troubleshooting
### "credentials not found"
- Verify environment variables are set: `echo $MEXC_API_KEY`
- Check `.env` file is in the correct directory
- Ensure variable names match exactly (e.g. `MEXC_SECRET` not `MEXC_SECRET_KEY`)
### "credentials validation failed" (Bitget)
- Verify all three vars: `BITGET_API_KEY`, `BITGET_SECRET`, `BITGET_PASSPHRASE`
- The passphrase is set when creating the API key on Bitget
### "authentication failed" (Kraken)
- Verify `KRAKEN_API_KEY` and `KRAKEN_SECRET`
- Check key permissions on Kraken API settings page
### "Timestamp Error"
- System clock may be out of sync
- Run: `sudo ntpdate time.google.com`
### "Rate Limited"
- Reduce request frequency
- Check exchange's rate limit docs
## Security Best Practices
1. **Never enable withdrawals** — trading doesn't need it
2. **Use IP whitelisting** — restrict to your server's IP
3. **Never commit `.env` files** — add `.env` to `.gitignore`
4. **Rotate keys periodically** — every 90 days recommended
5. **Use separate keys for testing** — don't mix testnet/mainnet