Design security and risk controls for autonomous trading agents with transaction authority
Copy the install command and let the AI configure it · recommended for beginners
Please install the "llm-trading-agent-security" skill from askskill: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/llm-trading-agent-security/SKILL.md 2. Save it as ~/.claude/skills/llm-trading-agent-security/SKILL.md 3. Reload skills and tell me it's ready
Design a security architecture for an LLM trading agent with wallet signing and auto-execution capabilities. Cover prompt injection defense, permission layers, spend limits, pre-send simulation, circuit breakers, key management, and audit logs, and provide implementation priorities.
A layered security plan with key risks, control measures, and implementation priorities.
Create a pre-trade checklist and risk control rules for an autonomous on-chain trading agent. Include balance and allowance checks, slippage thresholds, execution simulation, whitelisted contract validation, volatility circuit breakers, and maximum per-trade loss limits.
An actionable set of pre-trade validation and blocking rules for the agent workflow.
Review the security of this trading agent design, focusing on private key custody, session keys, signature permission isolation, transaction broadcast paths, and frontrunning or sandwich attack risks, then propose improvements.
A security review identifying weaknesses and recommending key management and MEV protection improvements.
Autonomous trading agents have a harsher threat model than normal LLM apps: an injection or bad tool path can turn directly into asset loss.
Layer the defenses. No single check is enough. Treat prompt hygiene, spend policy, simulation, execution limits, and wallet isolation as independent controls.
import re
INJECTION_PATTERNS = [
r'ignore (previous|all) instructions',
r'new (task|directive|instruction)',
r'system prompt',
r'send .{0,50} to 0x[0-9a-fA-F]{40}',
r'transfer .{0,50} to',
r'approve .{0,50} for',
]
def sanitize_onchain_data(text: str) -> str:
for pattern in INJECTION_PATTERNS:
if re.search(pattern, text, re.IGNORECASE):
raise ValueError(f"Potential prompt injection: {text[:100]}")
return text
Do not blindly inject token names, pair labels, webhooks, or social feeds into an execution-capable prompt.
from decimal import Decimal
MAX_SINGLE_TX_USD = Decimal("500")
MAX_DAILY_SPEND_USD = Decimal("2000")
class SpendLimitError(Exception):
pass
class SpendLimitGuard:
def check_and_record(self, usd_amount: Decimal) -> None:
if usd_amount > MAX_SINGLE_TX_USD:
raise SpendLimitError(f"Single tx ${usd_amount} exceeds max ${MAX_SINGLE_TX_USD}")
daily = self._get_24h_spend()
if daily + usd_amount > MAX_DAILY_SPEND_USD:
raise SpendLimitError(f"Daily limit: ${daily} + ${usd_amount} > ${MAX_DAILY_SPEND_USD}")
self._record_spend(usd_amount)
class SlippageError(Exception):
pass
async def safe_execute(self, tx: dict, expected_min_out: int | None = None) -> str:
sim_result = await self.w3.eth.call(tx)
if expected_min_out is None:
raise ValueError("min_amount_out is required before send")
actual_out = decode_uint256(sim_result)
if actual_out < expected_min_out:
raise SlippageError(f"Simulation: {actual_out} < {expected_min_out}")
signed = self.account.sign_transaction(tx)
return await self.w3.eth.send_raw_transaction(signed.raw_transaction)
class TradingCircuitBreaker:
MAX_CONSECUTIVE_LOSSES = 3
MAX_HOURLY_LOSS_PCT = 0.05
def check(self, portfolio_value: float) -> None:
if self.consecutive_losses >= self.MAX_CONSECUTIVE_LOSSES:
self.halt("Too many consecutive losses")
if self.hour_start_value <= 0:
self.halt("Invalid hour_start_value")
return
hourly_pnl = (portfolio_value - self.hour_start_value) / self.hour_start_value
if hourly_pnl < -self.MAX_HOURLY_LOSS_PCT:
self.halt(f"Hourly PnL {hourly_pnl:.1%} below threshold")
import os
from eth_account import Account
private_key = os.environ.get("TRADING_WALLET_PRIVATE_KEY")
if not private_key:
raise EnvironmentError("TRADING_WALLET_PRIVATE_KEY not set")
account = Account.from_key(private_key)
Use a dedicated hot wallet with only the required session funds. Never point the agent at a primary treasury wallet.
import time
PRIVATE_RPC = "https://rpc.flashbots.net"
MAX_SLIPPAGE_BPS = {"stable": 10, "volatile": 50}
deadline = int(time.time()) + 60
min_amount_out is mandatory…
Use Exa neural search for web, code, company, and people research.
Retrieve and update Jira issues, analyze requirements, and streamline team workflows.
Compare prediction-market baskets with research notes to find gaps and alignment.
Coordinate behavior-preserving code refactors with tests, review, and gated commits.
Accelerate large-scale data pipelines, backfills, and syncs without sacrificing correctness.
Coordinate GitHub and Linear workflows for triage, tracking, and execution alignment.
Perform cross-chain crypto actions, contract decoding, portfolio checks, and security screening.
Add a universal kill switch and spend guard for spending AI agents.
Protect autonomous AI agents with contract checks, wallet monitoring, and threat alerts.
Review security risks for auth, inputs, secrets, APIs, and sensitive features.
Explore Safer Agentic AI patterns and heuristics for safer agent design and review.
Provides exactly-once guards for AI agents to prevent duplicate actions on retries.