← Back to Skills Marketplace
trader
by
devatzeroxcore
· GitHub ↗
· v1.0.1
379
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install zeroexcore-trader
Description
Trade Solana tokens, track portfolio, bet on prediction markets, check NFT floors via the trader CLI.
Usage Guidance
This skill appears to be what it claims (a Solana trading CLI) but exercise caution before installing. Steps to consider:
- Verify the npm package and author: check the @zeroexcore/trader package page on npm and the linked GitHub repo, confirm the package maintainer and recent activity, and inspect the package contents if possible.
- Avoid storing your WALLET_PASSWORD in plaintext config files. Prefer exporting the password as an environment variable at runtime rather than writing it into ~/.openclaw/openclaw.json unless you confirm that file is encrypted and access-limited.
- Understand that global npm installs can execute arbitrary code during installation; if you cannot vet the package, run the CLI via npx in an isolated environment or inspect the package tarball first.
- Back up private keys offline after export, and treat any 'trader wallet export' output as extremely sensitive.
- If you need higher assurance, ask the publisher for a reproducible source link, package checksum, or a signed release; do not proceed if you cannot verify the package origin and integrity.
Capability Analysis
Type: OpenClaw Skill
Name: zeroexcore-trader
Version: 1.0.1
The skill bundle provides a Solana trading CLI with features for token swaps, prediction markets, and portfolio tracking. It includes explicit security instructions for the AI agent to prevent the disclosure of sensitive credentials and implements local encrypted storage (AES-256-GCM) with restricted file permissions (0600) for wallet data. The external dependencies (Helius and Jupiter APIs) are standard for the Solana ecosystem, and the documentation in SKILL.md focuses on safety rules and legitimate trading functionality without any signs of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
Name/description, required binary ('trader'), and required env vars (WALLET_PASSWORD, HELIUS_API_KEY) align with a Solana trading CLI. JUPITER_API_KEY is documented as optional for swaps/predictions which matches the behavior. Minor metadata inconsistency: the registry metadata lists no homepage/source but the SKILL.md includes a GitHub homepage, so origin verification is incomplete.
Instruction Scope
SKILL.md instructs the agent to use the CLI and to store wallet state under ~/.openclaw/, which is within the platform boundary — that's expected. However the docs also show storing the WALLET_PASSWORD in ~/.openclaw/openclaw.json (example: "apiKey": "your_wallet_password"), which implies plaintext or config-stored credentials; that contradicts the 'NEVER disclose wallet password' guidance and weakens the claimed 'secure storage' model. The README also instructs exporting the private key for backup (normal for wallets, but a sensitive operation that must be handled carefully).
Install Mechanism
The install uses an npm package (@zeroexcore/trader) to create the 'trader' binary — this is a plausible and common distribution method for a CLI. Npm installs can run arbitrary install scripts and there is no integrity checksum or pinned source in the skill metadata; combined with the registry metadata missing a verified homepage/source, this raises supply-chain risk that should be reviewed.
Credentials
Requested env vars (WALLET_PASSWORD as primary, HELIUS_API_KEY) are appropriate for a Solana trading CLI. The skill also documents optional JUPITER_API_KEY. Concern: example configuration shows placing WALLET_PASSWORD in the OpenClaw config file, which may store it in cleartext depending on platform settings — this is disproportionate to the declared 'do not disclose' guidance and increases exposure of the primary credential.
Persistence & Privilege
always:false and no special OS restrictions. The skill does not request permanent 'always' inclusion nor ask to modify other skills' configs. It writes to its own files under ~/.openclaw/, which is normal for per-skill state.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zeroexcore-trader - After installation, invoke the skill by name or use
/zeroexcore-trader - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added documentation for running the trader CLI with `npx` as an alternative to global installation.
- No other functional or behavioral changes.
v1.0.0
Initial release of zeroexcore-trader skill.
- Trade Solana tokens, track your portfolio, and bet on prediction markets via the trader CLI.
- Check NFT floor prices and listings directly from the command line.
- Encrypted wallet storage and strict security/safety rules (never share private keys; always keep SOL for gas).
- Automatic trade journaling and position tracking; view trades and PnL in your portfolio.
- Built-in diagnostics and troubleshooting prompts for common issues (wallet, API keys, balance).
- Easy installation with npm; configuration via OpenClaw supported.
Metadata
Frequently Asked Questions
What is trader?
Trade Solana tokens, track portfolio, bet on prediction markets, check NFT floors via the trader CLI. It is an AI Agent Skill for Claude Code / OpenClaw, with 379 downloads so far.
How do I install trader?
Run "/install zeroexcore-trader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is trader free?
Yes, trader is completely free (open-source). You can download, install and use it at no cost.
Which platforms does trader support?
trader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created trader?
It is built and maintained by devatzeroxcore (@devatzeroxcore); the current version is v1.0.1.
More Skills