0xrag

Trade

by 0xRAG · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Downloads 996
Stars 0
Active Installs 5
Versions 1
Install in OpenClaw
/install trade
Description
Swap or trade tokens on Base network. Use when you or the user want to trade, swap, exchange, buy, sell, or convert between tokens like USDC, ETH, and WETH. Covers phrases like "buy ETH", "sell ETH for USDC", "convert USDC to ETH", "get some ETH".
Usage Guidance
This skill does what it says (trades tokens) but it executes an unpinned npm package at runtime (npx awal@latest) and relies on a wallet authentication step that is not described. Before installing or using it: verify the `awal` CLI's source and maintainers, prefer a pinned version rather than @latest, inspect the package code (or its published repository) to see how it handles keys and approvals, and avoid entering private keys into prompts unless you trust the package. If possible, run trades from an isolated/hard-limited wallet (small funds) or ask the author for a versioned, auditable integration that documents exactly how authentication and signing are performed.
Capability Analysis
Type: OpenClaw Skill
Name: trade
Version: 0.1.0
The skill is designed for a legitimate purpose (token trading) and includes a security instruction to prevent shell variable expansion. However, it relies on the `npx awal@latest` external package, introducing a supply chain risk. More critically, the `allowed-tools` in `SKILL.md` use broad wildcards (`Bash(npx awal@latest trade *)`), permitting the agent to pass arbitrary arguments to the `awal` command. This creates a vulnerability where potential command injection flaws within the `awal` tool itself could be exploited if an attacker crafts malicious inputs, even though the skill itself does not explicitly instruct the agent to perform malicious actions.
Capability Assessment
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md tells the agent to perform token swaps on Base using the `npx awal@latest trade` CLI, and the token aliases/arguments align with that purpose.
Instruction Scope
Instructions are narrowly scoped to calling the `awal` CLI (status/trade/balance) and handling amounts/tokens; they do not ask the agent to read arbitrary system files. However, they direct the agent to execute remote code (npx) that will interact with the user's wallet — the exact wallet access surface is not described here.
Install Mechanism
There is no install spec in the skill, but allowed-tools explicitly rely on `npx awal@latest`. Running npx fetches and executes code from the npm registry at runtime, and the skill uses the floating @latest tag rather than a pinned version, introducing supply-chain / arbitrary remote-code risk. This is expected for a CLI-based approach, but it is a noteworthy risk that is not mitigated here (no pinned version, no source/homepage).
Credentials
The skill declares no required env vars or credentials, yet trading requires a wallet/authentication step. The SKILL.md refers to being "authenticated" and an external `authenticate-wallet` skill, but it does not declare what secrets or local wallet files the CLI will access. Lack of explicit credential declarations hides where private keys or wallets will be read or supplied.
Persistence & Privilege
The skill is user-invocable, not always-included, and does not request persistent privileges or modify other skills. Autonomous invocation is enabled (disable-model-invocation: false), which is normal; nothing here grants unusual system-wide persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install trade
  3. After installation, invoke the skill by name or use /trade
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of the trade skill for swapping tokens on the Base network.
  - Enables trading, swapping, buying, selling, and converting tokens (e.g., USDC, ETH, WETH) via simple commands.
  - Supports amount input in USD, decimal, whole number, and atomic unit formats.
  - Includes token alias resolution and auto-detection of decimals for known tokens and contract addresses.
  - Allows custom slippage settings and JSON output.
  - Provides detailed examples, prerequisites, and error handling guidelines.
Metadata
Slug trade
Version 0.1.0
License
All-time Installs 6
Active Installs 5
Total Versions 1
Frequently Asked Questions

What is Trade?

Swap or trade tokens on Base network. Use when you or the user want to trade, swap, exchange, buy, sell, or convert between tokens like USDC, ETH, and WETH. Covers phrases like "buy ETH", "sell ETH for USDC", "convert USDC to ETH", "get some ETH". It is an AI Agent Skill for Claude Code / OpenClaw, with 996 downloads so far.

How do I install Trade?

Run "/install trade" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Trade free?

Yes, Trade is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Trade support?

Trade is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Trade?

It is built and maintained by 0xRAG (@0xrag); the current version is v0.1.0.
