← Back to Skills Marketplace
gate-exchange

Gate DEX Trade

by Gate · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
336
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install gate-dex-trade
Description
Gate DEX swap EXECUTION skill. For on-chain token exchange transactions that MODIFY blockchain state: swap, buy, sell, exchange, convert tokens, cross-chain...
README (SKILL.md)

Gate DEX Trade

Pure Routing Layer — Swap EXECUTION only. Every operation produces an on-chain transaction. All specifications in references/.

General Rules

⚠️ STOP — You MUST read and strictly follow the shared runtime rules before proceeding. Do NOT select or call any tool until all rules are read. These rules have the highest priority. → Read gate-runtime-rules.md

Trigger Scenarios: Use when the user wants to execute a token exchange that modifies blockchain state:

  • Swap: "swap ETH for USDT", "exchange 100 USDC to DAI", "convert my BNB"
  • Buy/Sell: "buy ETH", "sell my USDT", "purchase SOL"
  • Cross-chain: "bridge ETH from Arbitrum to Base", "cross-chain swap"
  • Swap quote: "how much USDT will I get for 1 ETH" (with intent to trade)

Project convention — MCP only (this workspace)

Do not use OpenAPI for swap unless user explicitly asks OpenAPI/AK/SK. MCP unavailable → references/setup.md only.

NOT this skill (common misroutes):

  • "what is the price of ETH" → gate-dex-market (read-only lookup, no trade intent)
  • "check my swap history" → gate-dex-wallet (account query)
  • "transfer ETH to 0xABC..." → gate-dex-wallet (direct transfer, not swap)
  • "approve contract" (outside swap context) → gate-dex-wallet (DApp interaction)

Routing Flow

User triggers trading intent
  ↓
Step 1: Has user explicitly specified a mode?
  ├─ Explicitly mentions "OpenAPI" / "AK/SK" / "API Key" → OpenAPI mode
  ├─ Otherwise → MCP only (Step 2)
  └─ Not specified → Step 2
  ↓
Step 2: Is this a cross-chain swap?
  ├─ Cross-chain → Must use MCP mode (OpenAPI doesn't support cross-chain), proceed to Step 3
  └─ Same-chain / uncertain → Step 3
  ↓
Step 3: Gate Wallet MCP Server Discovery & Detection
  a) Scan configured MCP Server list for Servers providing `dex_tx_swap_quote`, `dex_tx_swap_prepare`, and staged swap signing tools
  b) If found → Record server identifier, verify with:
     CallMcpTool(server="\x3Cidentifier>", toolName="dex_chain_config", arguments={chain: "ETH"})
     ├─ Success → MCP mode
     └─ Failed → Step 4
  c) No matching Server → Step 4
  ↓
Step 4: MCP unavailable → setup guide only ([`references/setup.md`](./references/setup.md)), no OpenAPI fallback

Mode Dispatch

MCP Mode

Read and strictly follow references/mcp.md, execute according to its complete workflow.

Includes: connection detection, authentication (mcp_token), MCP Resource/tool calls (dex_tx_swap_quote / dex_tx_swap_prepare / dex_tx_swap_checkin_preview / staged sign-submit / dex_tx_swap_detail), local prebuilt swap-checkin-mac / swap-checkin-linux / swap-checkin-win.exe (Windows amd64) binary execution, token address resolution, native_in/native_out rules, three-step confirmation gateway (SOP), quote templates, risk warnings, cross-Skill collaboration, security rules.

OpenAPI Mode (Progressive Loading)

Default off in this workspace — explicit OpenAPI request only.

Limitation: OpenAPI mode only supports same-chain Swap, does not support cross-chain exchanges.

Load files progressively — only load what the current step needs:

  1. Always load first: references/openapi/_shared.md — env detection, credentials, API call method (via helper script)
  2. Then load based on swap stage:
Stage Load File When
Query (chain/gas) openapi/quote.md User asks about chains or gas
Swap: get quote openapi/quote.md + openapi/sop.md User initiates swap
Swap: build tx openapi/build.md After quote confirmed (SOP Step 2)
Swap: sign tx openapi/sign.md After build confirmed (SOP Step 3)
Swap: submit openapi/submit.md After signing complete
History openapi/submit.md User asks for swap history
  1. On error: openapi/errors.md

Legacy monolithic file preserved at references/openapi.md for backward compatibility.

MCP Server Setup Guide

When MCP detection fails and a setup guide is needed, read and display references/setup.md. Show only the configuration for the user's current platform when identifiable. Display at most once per session.

Supported Chains

Actual supported chains are determined by runtime API/Resource returns:

  • MCP Mode: swap://supported_chains Resource
  • OpenAPI Mode: trade.swap.chain interface

For uncommon chains: MCP calls dex_chain_config, OpenAPI calls trade.swap.chain.

Security Rules

  1. Three-step confirmation gateway: Trading pair confirmation → quote display → signature authorization — cannot be skipped
  2. Balance pre-check: Mandatory verification of asset and Gas token sufficiency before trading
  3. Risk warnings: Forced warning for exchange value difference > 5%, high slippage (> 5%) MEV attack warnings
  4. Authentication & credentials: Follow §3 of gate-runtime-rules.md; MCP uses mcp_token, OpenAPI uses AK/SK — never mix
  5. No OpenAPI fallback when MCP fails (this project)
Usage Guidance
This skill can perform real on-chain trades and includes scripts and an interactive installer that write config files and link the skill into local AI-platform directories. Key things to consider before installing: - Do NOT paste or store your private keys into this workspace or into config files unless you fully trust and inspected the signing scripts and binaries. The skill explicitly tells the agent it may read private keys from pasted text, file paths, or workspace files (.env) — that is a high-risk instruction. - The install script will create files in your home directory (~/.gate-dex-openapi, .cursor/.mcp.json, opencode.json, etc.) and will create symlinks and routing rules that make the skill active in your local AI platforms. Expect persistent changes. - The repo embeds example/default AK/SK values and the shared docs instruct creating a config with default keys. Using embedded or public keys may be intended as demo credentials but could result in unexpected network calls tied to shared credentials. Replace with your own keys only after reviewing gate-api-call.py. - Review these files before running anything: scripts/gate-api-call.py, scripts/sign-tx-evm.py, scripts/sign-tx-sol.js, scripts/check-allowance.py, install.sh, and any bundled binaries (tools/tx-checkin/*). If you cannot audit binaries, run the skill in a sandboxed environment or decline installation. - Prefer hardware wallet signing or an external, audited signer if you plan to sign mainnet transactions. If you must use local signing, test on a safe testnet and never reuse private keys used for significant funds. Overall recommendation: only proceed if you (or someone you trust) has inspected the signing scripts and installer; otherwise treat this as potentially dangerous for secrets and system configuration.
Capability Analysis
Type: OpenClaw Skill Name: gate-dex-trade Version: 1.0.3 This skill bundle is classified as suspicious due to its high-risk handling of sensitive credentials and aggressive installation behavior. The install.sh script modifies global and project-level AI configuration files (e.g., ~/.cursor/mcp.json, CLAUDE.md, AGENTS.md) to hijack agent routing and prioritize this skill. Additionally, the instructions in SKILL.md and references/sign.md direct the AI to solicit raw private keys from users for local transaction signing via provided scripts (sign-tx-evm.py, sign-tx-sol.js). The skill also relies on non-standard domains (gatemcp.ai, gateweb3.cc) and the execution of local pre-built binaries for transaction 'check-ins.' While these features are functionally relevant to the stated purpose of trade execution, the persistent configuration changes and the promotion of insecure credential handling practices represent significant security concerns.
Capability Tags
cryptorequires-walletcan-make-purchasescan-sign-transactionsrequires-oauth-token
Capability Assessment
Purpose & Capability
The skill is an execution-focused DEX/trade skill and includes helper scripts for API calls, allowance checks, and multi-chain signing — these are coherent with its purpose. However, the registry metadata claims no required credentials/config paths while the runtime repeatedly expects/uses an MCP token and an AK/SK config file (~/.gate-dex-openapi/config.json). That mismatch (declared 'none' vs instructions that require credentials/config) is worth noting.
Instruction Scope
SKILL.md explicitly instructs the agent to obtain private keys (via paste, file path, or by reading workspace files/.env) for signing and to read/write user config files (e.g., ~/.gate-dex-openapi/config.json, .cursor/.mcp.json). Asking agents to read arbitrary workspace files and .env for private keys is high risk (data-exfiltration or accidental upload). The skill also requires following external runtime rules (via a GitHub URL) which the agent must fetch before any tool calls.
Install Mechanism
No package install spec is declared (instruction-only) but an install.sh is bundled and will create config files, symlink the skill into local platform skill dirs, and create routing rules. The installer writes into user home and project dirs and ships prebuilt binaries (swap-checkin-*). Executing bundled binaries and an interactive installer is plausible for this skill but raises the usual risk surface (unsigned binaries, local execution).
Credentials
Registry lists no required env vars, but the runtime requires mcp_token (MCP mode) and/or AK/SK in ~/.gate-dex-openapi/config.json. The repo also contains example/default AK/SK values in references/_shared.md and install.sh writes a default OpenAPI config into the user's home. The skill asks for private keys and allows reading them from local files — broad access to sensitive secrets that is functional for signing, but not explicitly declared in metadata and therefore disproportionate without careful user review.
Persistence & Privilege
Skill does not request always:true and is user-invocable (normal). The installer writes persistent config and platform routing rules (e.g., .cursor/skills link, .cursor/rules, .mcp.json, opencode.json) which will increase how often the skill is considered for trading intents. That persistent integration is coherent for a trading skill but increases blast radius if misused.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gate-dex-trade
  3. After installation, invoke the skill by name or use /gate-dex-trade
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Updated MCP tool calls to use new operations: `dex_tx_swap_quote`, `dex_tx_swap_prepare`, and staged swap signing tools. - Added local binary execution details for swap check-in (`swap-checkin-mac`, `swap-checkin-linux`, `swap-checkin-win.exe`). - Clarified MCP mode workflow, including new tool names and binary usage. - Improved security rules and trigger scenarios descriptions. - Added/corrected documentation in references and tools/tx-checkin/README.md; removed deprecated OpenAPI reference file.
v1.0.2
- Clarified authentication requirements: MCP mode now uses OAuth `mcp_token` (not API Key) by default. - Updated description to emphasize on-chain swap, buy, and sell execution; triggers on DEX swap/bridge, not for price lookup or wallet management. - Made it explicit that API Key is not required for default MCP operations; OpenAPI mode is only for explicit user requests. - Added detailed note distinguishing MCP (OAuth) vs. CEX-style API keys for execution. - No functional changes to routing logic or execution flows.
v1.0.1
Gate DEX Trade v1.0.1 — Major refactor: separates execution logic, clarifies routing, and enhances security rules. - Rewrote SKILL.md for pure swap EXECUTION; no data lookups/account management here. - Centralized runtime and security policies; strict three-step confirmation for every on-chain swap. - Added modular references for MCP and OpenAPI workflows; OpenAPI now strictly opt-in. - Installation/setup, error handling, and helper scripts added in new references and scripts/ files. - Explicitly disallows OpenAPI fallback on MCP failure (project convention). - Updated and expanded documentation for supported chains, tool use, and user guidance.
v1.0.0
Gate DEX Trade 1.0.0 — Initial Release - Introduces dual mode support: intelligently routes trades using either MCP (via gate-wallet) or OpenAPI (AK/SK) based on environment and user intent. - Details comprehensive smart routing logic, mode selection criteria, and fallback handling for connection/authentication errors. - Specifies full MCP tool call process for quoting, swapping, and swap detail queries, including authentication and configuration guidance. - Outlines cross-skill collaboration scenarios and supported chains for both MCP and OpenAPI modes. - Enforces robust security and risk-checking rules, including three-step confirmation, balance verification, and risk alerts.
Metadata
Slug gate-dex-trade
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Gate DEX Trade?

Gate DEX swap EXECUTION skill. For on-chain token exchange transactions that MODIFY blockchain state: swap, buy, sell, exchange, convert tokens, cross-chain... It is an AI Agent Skill for Claude Code / OpenClaw, with 336 downloads so far.

How do I install Gate DEX Trade?

Run "/install gate-dex-trade" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gate DEX Trade free?

Yes, Gate DEX Trade is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Gate DEX Trade support?

Gate DEX Trade is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gate DEX Trade?

It is built and maintained by Gate (@gate-exchange); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments