← Back to Skills Marketplace
Web3-Crypto-Degen
by
StanPoldark
· GitHub ↗
· v1.0.4
· MIT-0
93
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install web3-crypto-ops-skill
Description
Universal Web3 & Crypto operating skill for AI agents. 12 domains, 60+ API endpoints, 5 providers: OKX DEX aggregator, Binance Web3 intelligence, Binance/Gat...
Usage Guidance
Do not install or supply secrets to this skill without further checks. Specific actions to take before proceeding: 1) Ask the platform why the registry metadata lists no required env vars while SKILL.md demands many secrets — this inconsistency must be resolved. 2) Verify the skill's source code, author, and homepage; prefer skills with a public repository and an audit. 3) Never provide primary private keys or broad API keys to an untrusted skill — use least-privilege API keys (no trading or no withdrawal where supported), ephemeral/testnet keys, or a hardware/vault signing flow. 4) Require an explicit user consent prompt before any mainnet trade/broadcast; demand that the platform surface exactly which env vars will be requested. 5) If you must test: run only on testnets with test API keys, and sandbox the agent. If the registry metadata cannot be corrected or the author cannot be validated, treat this skill as unsafe to install.
Capability Analysis
Type: OpenClaw Skill
Name: web3-crypto-ops-skill
Version: 1.0.4
The skill bundle is a comprehensive Web3 trading and market intelligence tool. While it requires highly sensitive environment variables (private keys and API secrets for OKX, Binance, Gate.io, and Bitget), the documentation (SKILL.md) includes extensive defensive instructions for the AI agent to prevent credential leakage, such as masking keys, forbidding logging of secrets, and enforcing the principle of least privilege. It also incorporates proactive security features like a 10-point token safety score and honeypot detection logic to protect the user from on-chain scams.
Capability Assessment
Purpose & Capability
The capabilities described (DEX/CEX ops, RPCs, signing, honeypot simulation, routing, trading) match the sensitive credentials and RPC endpoints enumerated inside SKILL.md — those credentials are reasonable for an agent that will trade and sign on-chain. However, the platform registry metadata provided with the skill lists no required environment variables, which is a mismatched and suspicious discrepancy.
Instruction Scope
SKILL.md explicitly requires loading secrets from environment variables (process.env.*), describes HMAC signing for multiple CEX APIs, and references on-chain signing and broadcasting of transactions and automated dispatch (Pump.fun/Jupiter auto-dispatch, direct pool execution). Those instructions permit moving real funds and performing market actions; the doc warns not to log/transmit secrets but gives the agent broad operational authority. The document also contains advanced features (auto-dispatch, turbo execution, Pump.fun) that could be used for manipulative trading strategies — scope is wide and high-risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write archives or binaries to disk. That lowers installation risk compared to arbitrary downloads.
Credentials
SKILL.md lists many high-privilege environment variables: multiple CEX API key pairs, RPC endpoints, and explicit private keys (DEPLOYER_PRIVATE_KEY, SOL_PRIVATE_KEY). Those are proportional to a full trading/signing agent, but they are extremely sensitive. Critically, the registry metadata provided earlier claims 'required env vars: none', so the platform would not surface these secrets to the user — this mismatch is a red flag for stealthy/incorrect configuration or potential misrepresentation.
Persistence & Privilege
always:false (good) and disable-model-invocation:false (normal). However, because the skill requests private keys and trading API keys, allowing the agent to invoke this skill autonomously increases blast radius: an agent with access could sign and broadcast transactions or place orders. The skill does not request system-level persistence, but autonomous invocation combined with high-privilege secrets is risky.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install web3-crypto-ops-skill - After installation, invoke the skill by name or use
/web3-crypto-ops-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
web3-crypto-ops-skill v1.0.4
- No file changes detected in this release.
- Likely an administrative or metadata-only update with no user-facing impact.
- All features and required environment variables remain consistent with previous version.
v1.0.3
- Updated skill metadata to version 1.0.3.
- Added "always: false" invocation policy to require explicit user confirmation before fund movement.
- Overhauled required environment variable section for stronger security: added detailed sensitivity, permission scope, and purposes for each variable.
- Added fields for additional infrastructure and feature flags (e.g., DATABASE_URL, REDIS_URL, JWT_SECRET, VAULT_TIMEOUT_MS, RPC endpoints).
- Improved documentation and formatting for clarity and platform registry synchronization.
v1.0.2
web3-crypto-ops-skill v1.0.1
- Added ENABLE_TESTNET to required environment variables, allowing optional activation of testnet features.
- No other changes.
v1.0.1
**Changelog v1.0.1**
- Added required_env_vars and credentials fields to SKILL.md, specifying all necessary environment variables and credential types for secure operation.
- No changes to code or APIs; this update documents environment and credential requirements for clearer setup and integration.
- Supports better transparency and compliance for production and agent deployments.
v1.0.0
Web3 Crypto Ops v1.0.0 — A universal Web3/Crypto operations skill with multi-provider support and commercial-grade safety.
- Supports 12 domains and 60+ endpoints across OKX DEX, Binance Web3/Spot, Gate.io Spot, and Bitget Spot.
- Features RPC health failover, 10-point token safety scoring, honeypot round-trip simulation, and advanced routing including V2/V3 direct pool execution.
- Integrates security compliance, commercial risk gates, and credential safety protocols (never hardcoded, always from environment).
- Provides cross-chain support for Ethereum, BSC, Solana, Base, Arbitrum, Polygon, and X Layer, with precise chain ID and native token mapping.
- Production-ready tools for token discovery, market charts, price feeds, security audits, portfolio tracking, DEX/CEX trading, and social/meme trends.
Metadata
Frequently Asked Questions
What is Web3-Crypto-Degen?
Universal Web3 & Crypto operating skill for AI agents. 12 domains, 60+ API endpoints, 5 providers: OKX DEX aggregator, Binance Web3 intelligence, Binance/Gat... It is an AI Agent Skill for Claude Code / OpenClaw, with 93 downloads so far.
How do I install Web3-Crypto-Degen?
Run "/install web3-crypto-ops-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Web3-Crypto-Degen free?
Yes, Web3-Crypto-Degen is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Web3-Crypto-Degen support?
Web3-Crypto-Degen is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Web3-Crypto-Degen?
It is built and maintained by StanPoldark (@stanpoldark); the current version is v1.0.4.
More Skills