Run any Skill in Manus with one click

Get Started

$pwd:

llm-trading-agent-security

Name: Llm Trading Agent Security
Author: affaan-m

// 具有钱包或交易权限的自主交易代理的安全模式。涵盖提示注入、支出限制、发送前模拟、断路器、MEV保护和密钥处理。

Run Skill in Manus

$ git log --oneline --stat

stars:199,470

forks:30,623

updated:May 11, 2026 at 19:14

SKILL.md

readonly

name	llm-trading-agent-security
description	具有钱包或交易权限的自主交易代理的安全模式。涵盖提示注入、支出限制、发送前模拟、断路器、MEV保护和密钥处理。
origin	ECC direct-port adaptation
version	1.0.0

LLM 交易代理安全

自主交易代理面临比普通 LLM 应用更严苛的威胁模型：一次注入或错误的工具路径可能直接导致资产损失。

适用场景

构建能够签署并发送交易的 AI 代理
审计交易机器人或链上执行助手
为代理设计钱包密钥管理方案
授予 LLM 订单下达、代币兑换或资金操作权限

工作原理

构建多层防御体系。单一检查不足以保障安全。应将提示词卫生、支出策略、模拟执行、执行限制和钱包隔离视为独立控制措施。

示例

将提示注入视为金融攻击

import re

INJECTION_PATTERNS = [
    r'ignore (previous|all) instructions',
    r'new (task|directive|instruction)',
    r'system prompt',
    r'send .{0,50} to 0x[0-9a-fA-F]{40}',
    r'transfer .{0,50} to',
    r'approve .{0,50} for',
]

def sanitize_onchain_data(text: str) -> str:
    for pattern in INJECTION_PATTERNS:
        if re.search(pattern, text, re.IGNORECASE):
            raise ValueError(f"Potential prompt injection: {text[:100]}")
    return text

切勿将代币名称、交易对标签、网络钩子或社交信息流盲目注入具备执行能力的提示词中。

硬性支出限额

from decimal import Decimal

MAX_SINGLE_TX_USD = Decimal("500")
MAX_DAILY_SPEND_USD = Decimal("2000")

class SpendLimitError(Exception):
    pass

class SpendLimitGuard:
    def check_and_record(self, usd_amount: Decimal) -> None:
        if usd_amount > MAX_SINGLE_TX_USD:
            raise SpendLimitError(f"Single tx ${usd_amount} exceeds max ${MAX_SINGLE_TX_USD}")

        daily = self._get_24h_spend()
        if daily + usd_amount > MAX_DAILY_SPEND_USD:
            raise SpendLimitError(f"Daily limit: ${daily} + ${usd_amount} > ${MAX_DAILY_SPEND_USD}")

        self._record_spend(usd_amount)

发送前模拟执行

class SlippageError(Exception):
    pass

async def safe_execute(self, tx: dict, expected_min_out: int | None = None) -> str:
    sim_result = await self.w3.eth.call(tx)

    if expected_min_out is None:
        raise ValueError("min_amount_out is required before send")

    actual_out = decode_uint256(sim_result)
    if actual_out < expected_min_out:
        raise SlippageError(f"Simulation: {actual_out} < {expected_min_out}")

    signed = self.account.sign_transaction(tx)
    return await self.w3.eth.send_raw_transaction(signed.raw_transaction)

断路器机制

class TradingCircuitBreaker:
    MAX_CONSECUTIVE_LOSSES = 3
    MAX_HOURLY_LOSS_PCT = 0.05

    def check(self, portfolio_value: float) -> None:
        if self.consecutive_losses >= self.MAX_CONSECUTIVE_LOSSES:
            self.halt("Too many consecutive losses")

        if self.hour_start_value <= 0:
            self.halt("Invalid hour_start_value")
            return

        hourly_pnl = (portfolio_value - self.hour_start_value) / self.hour_start_value
        if hourly_pnl < -self.MAX_HOURLY_LOSS_PCT:
            self.halt(f"Hourly PnL {hourly_pnl:.1%} below threshold")

钱包隔离

import os
from eth_account import Account

private_key = os.environ.get("TRADING_WALLET_PRIVATE_KEY")
if not private_key:
    raise EnvironmentError("TRADING_WALLET_PRIVATE_KEY not set")

account = Account.from_key(private_key)

使用仅包含所需会话资金的专用热钱包。切勿将代理指向主资金钱包。

MEV 与截止时间保护

import time

PRIVATE_RPC = "https://rpc.flashbots.net"
MAX_SLIPPAGE_BPS = {"stable": 10, "volatile": 50}
deadline = int(time.time()) + 60

部署前检查清单

外部数据在进入 LLM 上下文前已完成清理
支出限额独立于模型输出强制执行
交易在发送前经过模拟
min_amount_out 为强制要求
断路器在出现回撤或无效状态时触发
密钥来自环境变量或密钥管理器，绝不写入代码或日志
在适当时使用私有内存池或受保护路由
根据策略设置滑点和截止时间
所有代理决策均记录审计日志，不仅限于成功发送的交易

related-skills.json

same repository

react-patterns.md

from "affaan-m/ECC"

React 18/19 patterns including hooks discipline, server/client component boundaries, Suspense + error boundaries, form actions, data fetching, state management decision trees, and accessibility-first composition. Use when writing or reviewing React components.

2026-05-28199.5k

react-performance.md

from "affaan-m/ECC"

React and Next.js performance optimization patterns adapted from Vercel Engineering's React Best Practices (https://github.com/vercel-labs/agent-skills). Organizes 70+ rules across 8 priority categories — waterfalls, bundle size, server-side, client fetching, re-render, rendering, JS micro-perf, advanced. Use when writing, reviewing, or refactoring React/Next.js code for performance.

2026-05-28199.5k

react-testing.md

from "affaan-m/ECC"

React component testing with React Testing Library, Vitest/Jest, MSW for network mocking, accessibility assertions with axe, and the decision boundary between component tests and Playwright/Cypress end-to-end runs. Use when writing or fixing tests for React components, hooks, or pages.

2026-05-28199.5k

social-publisher.md

from "affaan-m/ECC"

Agent-driven scheduling and publishing of social media posts across 13 platforms via SocialClaw. Use when the user wants to publish to X, LinkedIn, Instagram, Facebook Pages, TikTok, Discord, Telegram, YouTube, Reddit, WordPress, or Pinterest — or when managing campaigns, uploading media, or monitoring post delivery status.

2026-05-25199.5k

marketing-campaign.md

from "affaan-m/ECC"

End-to-end marketing campaign planning and execution. Covers audience research, positioning, campaign angle definition, landing page copy, email sequences, social posts, ad copy, short-form video scripts, and content calendars. Use as the orchestration layer for multi-channel product launches.

2026-05-25199.5k

frontend-a11y.md

from "affaan-m/ECC"

Accessibility patterns for React and Next.js — semantic HTML, ARIA attributes, form labeling, keyboard navigation, focus management, and screen reader support. Use when building any interactive UI component or form.

2026-05-25199.5k

package.json

"author": "affaan-m"

"repository": "affaan-m/ECC"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	llm-trading-agent-security
description	具有钱包或交易权限的自主交易代理的安全模式。涵盖提示注入、支出限制、发送前模拟、断路器、MEV保护和密钥处理。
origin	ECC direct-port adaptation
version	1.0.0

LLM 交易代理安全

自主交易代理面临比普通 LLM 应用更严苛的威胁模型：一次注入或错误的工具路径可能直接导致资产损失。

适用场景

构建能够签署并发送交易的 AI 代理
审计交易机器人或链上执行助手
为代理设计钱包密钥管理方案
授予 LLM 订单下达、代币兑换或资金操作权限

工作原理

构建多层防御体系。单一检查不足以保障安全。应将提示词卫生、支出策略、模拟执行、执行限制和钱包隔离视为独立控制措施。

示例

将提示注入视为金融攻击

import re

INJECTION_PATTERNS = [
    r'ignore (previous|all) instructions',
    r'new (task|directive|instruction)',
    r'system prompt',
    r'send .{0,50} to 0x[0-9a-fA-F]{40}',
    r'transfer .{0,50} to',
    r'approve .{0,50} for',
]

def sanitize_onchain_data(text: str) -> str:
    for pattern in INJECTION_PATTERNS:
        if re.search(pattern, text, re.IGNORECASE):
            raise ValueError(f"Potential prompt injection: {text[:100]}")
    return text

切勿将代币名称、交易对标签、网络钩子或社交信息流盲目注入具备执行能力的提示词中。

硬性支出限额

from decimal import Decimal

MAX_SINGLE_TX_USD = Decimal("500")
MAX_DAILY_SPEND_USD = Decimal("2000")

class SpendLimitError(Exception):
    pass

class SpendLimitGuard:
    def check_and_record(self, usd_amount: Decimal) -> None:
        if usd_amount > MAX_SINGLE_TX_USD:
            raise SpendLimitError(f"Single tx ${usd_amount} exceeds max ${MAX_SINGLE_TX_USD}")

        daily = self._get_24h_spend()
        if daily + usd_amount > MAX_DAILY_SPEND_USD:
            raise SpendLimitError(f"Daily limit: ${daily} + ${usd_amount} > ${MAX_DAILY_SPEND_USD}")

        self._record_spend(usd_amount)

发送前模拟执行

class SlippageError(Exception):
    pass

async def safe_execute(self, tx: dict, expected_min_out: int | None = None) -> str:
    sim_result = await self.w3.eth.call(tx)

    if expected_min_out is None:
        raise ValueError("min_amount_out is required before send")

    actual_out = decode_uint256(sim_result)
    if actual_out < expected_min_out:
        raise SlippageError(f"Simulation: {actual_out} < {expected_min_out}")

    signed = self.account.sign_transaction(tx)
    return await self.w3.eth.send_raw_transaction(signed.raw_transaction)

断路器机制

class TradingCircuitBreaker:
    MAX_CONSECUTIVE_LOSSES = 3
    MAX_HOURLY_LOSS_PCT = 0.05

    def check(self, portfolio_value: float) -> None:
        if self.consecutive_losses >= self.MAX_CONSECUTIVE_LOSSES:
            self.halt("Too many consecutive losses")

        if self.hour_start_value <= 0:
            self.halt("Invalid hour_start_value")
            return

        hourly_pnl = (portfolio_value - self.hour_start_value) / self.hour_start_value
        if hourly_pnl < -self.MAX_HOURLY_LOSS_PCT:
            self.halt(f"Hourly PnL {hourly_pnl:.1%} below threshold")

钱包隔离

import os
from eth_account import Account

private_key = os.environ.get("TRADING_WALLET_PRIVATE_KEY")
if not private_key:
    raise EnvironmentError("TRADING_WALLET_PRIVATE_KEY not set")

account = Account.from_key(private_key)

使用仅包含所需会话资金的专用热钱包。切勿将代理指向主资金钱包。

MEV 与截止时间保护

import time

PRIVATE_RPC = "https://rpc.flashbots.net"
MAX_SLIPPAGE_BPS = {"stable": 10, "volatile": 50}
deadline = int(time.time()) + 60

部署前检查清单

外部数据在进入 LLM 上下文前已完成清理
支出限额独立于模型输出强制执行
交易在发送前经过模拟
min_amount_out 为强制要求
断路器在出现回撤或无效状态时触发
密钥来自环境变量或密钥管理器，绝不写入代码或日志
在适当时使用私有内存池或受保护路由
根据策略设置滑点和截止时间
所有代理决策均记录审计日志，不仅限于成功发送的交易

llm-trading-agent-security

LLM 交易代理安全

适用场景

工作原理

示例

将提示注入视为金融攻击

硬性支出限额

发送前模拟执行

断路器机制

钱包隔离

MEV 与截止时间保护

部署前检查清单

More from this repository

LLM 交易代理安全

适用场景

工作原理

示例

将提示注入视为金融攻击

硬性支出限额

发送前模拟执行

断路器机制

钱包隔离

MEV 与截止时间保护

部署前检查清单

More from this repository