← Back to Skills Marketplace
333
Downloads
0
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install nansen-trading
Description
Execute DEX swaps on Solana or Base, including cross-chain bridges. Use when buying or selling a token, getting a swap quote, or executing a trade.
Usage Guidance
This skill appears to be a legitimate CLI wrapper for trading, but there are important mismatches and risks to check before installing:
- Verify the nansen-cli package: inspect its npm and GitHub source, recent publisher, and make sure it is the official CLI. Npm packages can contain arbitrary code during install.
- Confirm the config path behavior: SKILL.md expects ~/.nansen/.env for the wallet password but the skill metadata does not declare any required config paths. Ask the publisher to declare required config paths and explain how secrets are stored.
- Avoid storing wallet passwords in plaintext. If possible, use a hardware wallet or an approach that does not require persisting a plaintext password in ~/.nansen/.env. If you must persist, restrict file permissions, encrypt the file, and understand where the keys live.
- Limit credential scope: use a dedicated API key and dedicated wallet with minimal funds for automation, not your main accounts.
- Consider running install and CLI usage in an isolated environment (container/VM) and audit network calls if you will grant this agent NANSEN_API_KEY and the wallet password.
If you decide to proceed, request clarification from the skill author about the missing config-path declaration and how wallet secrets are managed and rotated; do not provide your primary wallet credentials until you have verified the CLI source and storage behavior.
Capability Analysis
Type: OpenClaw Skill
Name: nansen-trading
Version: 0.1.4
The skill facilitates cryptocurrency trading and cross-chain bridging, which are inherently high-risk operations for an autonomous agent. It is classified as suspicious because SKILL.md explicitly instructs the agent to persist the sensitive 'NANSEN_WALLET_PASSWORD' in a local file (~/.nansen/.env), a significant security vulnerability that exposes credentials to any process or user with file system access. While these capabilities are aligned with the stated purpose of the 'nansen-cli' tool, the combination of credential persistence and irreversible financial transaction execution poses a substantial risk without additional safeguards.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (DEX swaps on Solana/Base) aligns with requiring a 'nansen' CLI and an API key and wallet password. However the SKILL.md expects a persisted file (~/.nansen/.env) for the wallet password but the skill metadata declares no required config paths. That mismatch between declared requirements and runtime expectations is an incoherence that should be resolved.
Instruction Scope
Instructions stay within trading functionality (quote, execute, bridge-status) but explicitly direct agents to persist and source a wallet password from ~/.nansen/.env and to run wallet-creation commands. Directing agents to persist a secret to disk (and to source it) expands scope beyond mere API access and may lead to sensitive data being written/read without an explicit declared config path or considered consent flow.
Install Mechanism
Install is a Node/npm package ('nansen-cli') that provides the 'nansen' binary — this is coherent with the declared required binary. Npm packages are a normal install mechanism but carry typical supply-chain risk; no arbitrary downloads or extract-from-URL steps are present.
Credentials
The required env vars (NANSEN_API_KEY, NANSEN_WALLET_PASSWORD) are relevant to trading and unlocking a wallet, so they are plausible. However the SKILL.md prescribes persisting NANSEN_WALLET_PASSWORD in ~/.nansen/.env (plaintext by implication) and sourcing it before execute. The skill metadata did not declare any required config paths, and persisting secrets to an undeclared file is disproportionate and a security concern.
Persistence & Privilege
The skill does not request always:true (good) but the runtime instructions expect and instruct persistent state changes (wallet creation, storing ~/.nansen/.env, disk-based keys). That modifies user home state and creates persistent credentials without the skill declaring config-path requirements; combined with autonomous invocation ability, this increases blast radius if a compromised/npm package or API key is misused.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nansen-trading - After installation, invoke the skill by name or use
/nansen-trading - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.4
- Enforced new swap constraint: at least one side of every swap must be USDC or the native token (SOL or ETH). Arbitrary token-to-token swaps are now rejected.
- Added a "Constraints" section to documentation explaining the new limitation and providing the relevant token addresses.
- Clarified cross-chain behavior to ensure constraint applies per-chain.
- No changes to usage or CLI commands; changes are solely to documentation and allowed swap types.
v0.1.3
- Added support for specifying USD amounts directly with the --amount-unit usd flag.
- Updated documentation to reflect new flag options: --amount-unit usd, --auto-slippage, --max-auto-slippage, --swap-mode, and --quote-index.
- Clarified amount handling: no manual price conversion needed for USD amounts; the CLI resolves pricing automatically.
- Separated trade quote, execute, and bridge-status flag documentation for improved clarity.
v0.1.2
- Added support for cross-chain swaps and bridging between Solana and Base using --to-chain and --to-wallet flags.
- Documented new bridge status tracking command: nansen trade bridge-status.
- Updated flag and usage documentation for cross-chain swaps.
- Clarified requirements for gas on source chain during bridging.
- Expanded description to reflect DEX swaps and cross-chain bridge capability.
v0.1.1
- Added support and documentation for the --amount-unit flag to allow specifying trade amounts in token units (e.g. 0.5 SOL) instead of only integer base units.
- Updated guidance for handling "$X worth of token" queries, including price lookup instructions and conversion steps.
- Clarified usage of --amount and --amount-unit in various scenarios with explicit examples.
- No changes to core functionality; these updates improve clarity and make trading by token amounts easier.
v0.1.0
Initial release of nansen-trading skill.
- Enables DEX swaps on Solana or Base (quote and execute trades).
- Requires a wallet and environment variables: NANSEN_API_KEY and NANSEN_WALLET_PASSWORD.
- Supports trading, getting swap quotes, and executing transactions using nansen-cli.
- Details wallet setup, token decimals, token addresses, and necessary CLI flags.
- Handles wallet password management according to security best practices.
Metadata
Frequently Asked Questions
What is Nansen Trading?
Execute DEX swaps on Solana or Base, including cross-chain bridges. Use when buying or selling a token, getting a swap quote, or executing a trade. It is an AI Agent Skill for Claude Code / OpenClaw, with 333 downloads so far.
How do I install Nansen Trading?
Run "/install nansen-trading" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nansen Trading free?
Yes, Nansen Trading is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Nansen Trading support?
Nansen Trading is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nansen Trading?
It is built and maintained by Nansen AI (@nansen-devops); the current version is v0.1.4.
More Skills