← Back to Skills Marketplace
TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce
by
TigerPassNet
· GitHub ↗
· v0.1.1
· MIT-0
388
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install tigerpass
Description
Crypto wallet and trading terminal for AI agents — trade Hyperliquid perps and spot, bet on Polymarket predictions, swap tokens on 6 EVM chains, bridge USDC...
Usage Guidance
Things to check before installing/using TigerPass:
- Metadata inconsistency: the registry said 'no install spec' but SKILL.md includes Homebrew tap and GitHub build instructions. Ask the publisher to clarify install method and provide signed release binaries.
- Verify the source: inspect the Homebrew tap formula and the GitHub repo (TigerPassNet/tigerpass-cli). Confirm release artifacts, checksums, and code review (especially signing/bridge/messaging code) before running brew install or building as root.
- Audit the binary: the CLI is given authority to sign EIP-191/EIP-712 messages, do x402 HTTP payments, and execute arbitrary contracts. Ensure the binary is vendor-signed and inspect network endpoints it communicates with (especially any central relayers or discovery endpoints like tigerpass.net).
- Test with minimal funds: if you try it, use a brand-new EOA with minimal balance, and avoid granting unlimited ERC-20 allowances (avoid approve --amount max) until you understand the flows.
- Disable autonomous/agent-driven trades until you trust it: the skill supports autonomous agent-to-agent commerce and automatic builder-fee approvals — these can cause funds to move without further human confirmation.
- Confirm platform requirements: SKILL.md requires Apple Silicon and Secure Enclave; verify your device and whether the CLI enforces/assumes this.
- If you cannot audit the code, prefer not to install a custom CLI that holds signing authority. Request signed releases, reproducible builds, or a vetted Homebrew formula before using with real funds.
Summary recommendation: the skill's functionality matches its description, but because it grants a CLI broad ability to sign and move funds and the package sources are a custom tap/GitHub repo (plus metadata inconsistencies), proceed only after verifying the release artifacts and auditing the code; treat it as high-risk until proven trustworthy.
Capability Analysis
Type: OpenClaw Skill
Name: tigerpass
Version: 0.1.1
TigerPass is a comprehensive crypto trading terminal and wallet for AI agents, providing integration with Hyperliquid, Polymarket, and various EVM chains. It features hardware-secured signing via the Apple Secure Enclave and an agent-to-agent messaging protocol (ACE) for economic negotiations. While the tool incorporates security best practices such as EIP-7702 recovery and owner-verified command execution, it is classified as suspicious due to its high-risk capabilities, including autonomous management of financial assets, execution of arbitrary smart contracts (via `tigerpass exec` in advanced-commands.md), and persistent network communication with a third-party backend (tigerpass.net). These features, while aligned with the stated purpose, grant the agent significant financial and operational power that could be misused if the agent's logic is compromised.
Capability Assessment
Purpose & Capability
Name/description align with what the SKILL.md instructs: a macOS CLI 'tigerpass' that manages a hardware-secured EOA, trading, swaps, bridging, contract exec, and agent-to-agent messaging. Required binary 'tigerpass' and the described commands are coherent with the stated purpose.
Instruction Scope
The runtime instructions direct the agent to perform network operations (DEX/aggregator, Circle Iris, Hyperliquid flows), discover and message external agents, and autonomously sign payments (x402) and on‑chain transactions. Those actions are consistent with a wallet/trading terminal but grant broad ability to send funds and interact with external endpoints (including advertising endpoints like https://tigerpass.net/tap/agent/...). The SKILL.md also embeds approval/auto‑authorization behavior (e.g., auto-approve builder fee, unlimited approvals) which can cause funds to be spent without additional human confirmation. No instructions request unrelated local files or env vars, but the agent will contact and trust external services and other agents — this is high-impact for money-moving operations.
Install Mechanism
SKILL.md contains install commands (brew tap TigerPassNet/tigerpass and a GitHub build) even though the registry summary stated 'No install spec / instruction-only' — that's an inconsistency. The install sources themselves are standard (Homebrew tap and GitHub repo), not obscure URLs, but they are a custom tap and a third‑party GitHub org (TigerPassNet). That requires validating the tap and repository (formula, release artifacts, signatures) before installing. Building from source requires Xcode and sudo cp which modifies /usr/local/bin — expected for a CLI but worth auditing.
Credentials
The skill declares no environment variables or external credentials, which is consistent with using a hardware-backed key (Secure Enclave) and a local CLI. There are no unrelated credential requests. However, ability to sign payments and execute arbitrary contracts means the binary itself must be trusted — lack of declared env vars does not eliminate risk.
Persistence & Privilege
Skill is not always-included and allows model invocation (normal). It requests no special persistent system privileges in metadata, but the CLI will hold the signing capability (Secure Enclave access) and can perform autonomous signing and on‑chain payments. Combined with network discovery/messaging, this gives a large operational blast radius if the binary is malicious or buggy — verify binary provenance and signing behavior before gifting it any funds or enabling autonomous workflows.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tigerpass - After installation, invoke the skill by name or use
/tigerpass - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Hardware-secured EVM wallet (Apple Secure Enclave), built-in Hyperliquid perps/spot trading, Polymarket prediction markets, 0x DEX swaps across 6 chains, Circle CCTP V2 cross-chain bridge, smart contract execution, EIP-191/712 signing, x402 payments, and ACE Protocol for E2E encrypted agent-to-agent commerce with on-chain reputation.
v0.1.0
TigerPass 0.1.0 — Initial Release
- Equips AI agents with a hardware-secured on-chain identity (Secure Enclave +
ERC-8004), enabling autonomous crypto operations without human intermediation — agents
can discover peers, negotiate terms, and settle payments independently.
- Implements TAP (TigerPass Agent Protocol) for E2E encrypted, cryptographically signed
agent-to-agent messaging — supporting a full economic loop: RFQ → Offer → Accept →
Invoice → On-chain Settlement, all schema-validated and owner-verified.
- Provides built-in trading engines for autonomous execution: DEX swaps (0x, 10
chains), Hyperliquid perpetual futures & spot trading, and Polymarket prediction
markets — each a single CLI command with automatic signing.
- Uses a dual-address architecture: EOA (signing identity + agent-to-agent comms) and
Safe smart account (fund custody + transaction execution), both derived from a
non-exportable Secure Enclave key.
- Manages five distinct balance pools across chains to prevent operational errors —
separating wallet, EOA, and per-venue trading balances (Hyperliquid L1,
Polymarket/Polygon, HyperEVM).
- Supports x402 HTTP payments, EIP-191/712 message signing, smart contract execution,
and on-chain identity registration — providing a complete autonomous agent
infrastructure on Apple Silicon (macOS 14+).
Metadata
Frequently Asked Questions
What is TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce?
Crypto wallet and trading terminal for AI agents — trade Hyperliquid perps and spot, bet on Polymarket predictions, swap tokens on 6 EVM chains, bridge USDC... It is an AI Agent Skill for Claude Code / OpenClaw, with 388 downloads so far.
How do I install TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce?
Run "/install tigerpass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce free?
Yes, TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce support?
TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos).
Who created TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce?
It is built and maintained by TigerPassNet (@tigerpassnet); the current version is v0.1.1.
More Skills