← Back to Skills Marketplace
ayushbherwani1998

Gator CLI

by AyushBherwani1998 · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
631
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install gator-cli
Description
Use when you need to operate the @metamask/gator-cli to initialize profiles, upgrade EOA to EIP-7702, grant, redeem, and revoke ERC-7710 delegations, or insp...
README (SKILL.md)

Quick Reference

Use this skill to run the gator CLI from the repo and to choose the correct command/flags for delegation workflows.

Installation

npm install -g @metamask/gator-cli

CLI Overview

  • Binary name: gator
  • Default profile: default
  • Config path: ~/.gator-cli/permissions.json (or ~/.gator-cli/profiles/\x3Cprofile-name>.json)
  • Delegations local cache: ~/.gator-cli/delegations/\x3Cprofile-name>.json when storage not configured

Configuration Requirements

Edit the profile config after gator init:

{
  "delegationStorage": {
    "apiKey": "your-api-key",
    "apiKeyId": "your-api-key-id"
  },
  "rpcUrl": "https://your-rpc-url.com"
}
  • delegationStorage is optional; when missing, delegations are stored locally.
  • rpcUrl is required for on-chain actions.

Commands

init

Generate a private key and save config. Errors if the profile already exists.

  • gator init [--chain \x3Cchain>] [--profile \x3Cprofile-name>]
  • --chain values: base (default), baseSepolia, sepolia
  • --profile default: default
  • Prints: address, chain, and config file path.

create

Upgrade an EOA to an EIP-7702 smart account. Uses the chain in your profile config.

  • gator create [--profile \x3Cprofile-name>]
  • Requires the account to be funded with native token first.
  • Prints: address, chain, and the upgrade transaction hash.

show

Display the EOA address for a profile.

  • gator show [--profile \x3Cprofile-name>]

status

Check config and on-chain account status.

  • gator status [--profile \x3Cprofile-name>]
  • Prints: address, chain, config upgrade status, on-chain code presence, storage and RPC URL config.

balance

Show native balance and optional ERC-20 balance.

  • gator balance [--tokenAddress \x3Caddress>] [--profile \x3Cprofile-name>]
  • If --tokenAddress is provided, prints ERC-20 balance and decimals-derived units.

grant

Create, sign, and store a delegation with a predefined scope.

  • gator grant --to \x3Cto-address> --scope \x3Ctype> [scope flags] [--profile \x3Cprofile-name>]

Scope flags:

  • Token scopes: --tokenAddress \x3Ctoken-address>, --maxAmount \x3Camount>, --tokenId \x3Cid>
  • Periodic scopes: --periodAmount \x3Camount>, --periodDuration \x3Cseconds>, --startDate \x3Ctimestamp>
  • Streaming scopes: --amountPerSecond \x3Camount>, --initialAmount \x3Camount>, --startTime \x3Ctimestamp>
  • Function call scope: --targets \x3Caddresses>, --selectors \x3Csigs>, --valueLte \x3Cether>
  • Ownership transfer: --contractAddress \x3Ccontract-address>

Supported scopes:

  • erc20TransferAmount
  • erc20PeriodTransfer
  • erc20Streaming
  • erc721Transfer
  • nativeTokenTransferAmount
  • nativeTokenPeriodTransfer
  • nativeTokenStreaming
  • functionCall
  • ownershipTransfer

Grant flags per scope:

Scope Required Flags Optional Flags
erc20TransferAmount --tokenAddress, --maxAmount
erc20PeriodTransfer --tokenAddress, --periodAmount, --periodDuration --startDate
erc20Streaming --tokenAddress, --amountPerSecond, --initialAmount, --maxAmount --startTime
erc721Transfer --tokenAddress, --tokenId
nativeTokenTransferAmount --maxAmount
nativeTokenPeriodTransfer --periodAmount, --periodDuration --startDate
nativeTokenStreaming --amountPerSecond, --initialAmount, --maxAmount --startTime
functionCall --targets, --selectors --valueLte
ownershipTransfer --contractAddress
  • --startDate and --startTime default to the current time (unix seconds) when omitted.
  • --valueLte sets the max native token value per call for functionCall scopes.

redeem

Redeem a stored delegation using a specific action type.

  • gator redeem --from \x3Cfrom-address> --action \x3Ctype> [action flags] [--profile \x3Cprofile-name>]

Supported action types: erc20Transfer, erc721Transfer, nativeTransfer, functionCall, ownershipTransfer, raw

Action-specific flags:

  • erc20Transfer: --tokenAddress, --to, --amount
  • erc721Transfer: --tokenAddress, --to, --tokenId
  • nativeTransfer: --to, --amount
  • functionCall: --target, --function, --args, --value
  • ownershipTransfer: --contractAddress, --to
  • raw: --target, --callData, --value

revoke

Revoke a delegation on-chain. Revokes the first matching delegation.

  • gator revoke --to \x3Cto-address> [--profile \x3Cprofile-name>]

inspect

Inspect delegations for your account.

  • gator inspect [--from \x3Cfrom-address>] [--to \x3Cto-address>] [--profile \x3Cprofile-name>]
  • With no filters, prints both Given and Received.
  • Printed fields: From, To, Authority, Caveats count, Signed flag.

Redeem Flags per Action

Action Required Flags
erc20Transfer --tokenAddress, --to, --amount
erc721Transfer --tokenAddress, --to, --tokenId
nativeTransfer --to, --amount
functionCall --target, --function, --args
ownershipTransfer --contractAddress, --to
raw --target, --callData

Example Flows

Initialize and upgrade:

gator init --profile \x3Cprofile-name>
gator create --profile \x3Cprofile-name>

Grant an ERC-20 transfer delegation:

gator grant --profile \x3Cprofile-name> --to \x3Cto-address> --scope erc20TransferAmount \
  --tokenAddress \x3Ctoken-address> --maxAmount 50

Redeem an ERC-20 transfer:

gator redeem --profile \x3Cprofile-name> --from \x3Cfrom-address> --action erc20Transfer \
  --tokenAddress \x3Ctoken-address> --to \x3Cto-address> --amount 10

Redeem a native transfer:

gator redeem --profile \x3Cprofile-name> --from \x3Cfrom-address> --action nativeTransfer \
  --to \x3Cto-address> --amount 0.5

Redeem in raw mode:

gator redeem --profile \x3Cprofile-name> --from \x3Cfrom-address> --action raw \
  --target \x3Ccontract-address> --callData 0xa9059cbb...

Inspect delegations:

gator inspect --profile \x3Cprofile-name>
gator inspect --profile \x3Cprofile-name> --from \x3Cfrom-address>
gator inspect --profile \x3Cprofile-name> --to \x3Cto-address>

Revoke a delegation:

gator revoke --profile \x3Cprofile-name> --to \x3Cto-address>

Operational Notes

  • Private key security: This is alpha version. Private keys are stored in plaintext JSON. Never use accounts with significant funds.
  • --from refers to the delegator address; --to refers to the delegate/recipient.
  • --targets and --selectors are comma-separated lists.
  • --function accepts a human-readable Solidity function signature like "approve(address,uint256)". Do not pass a 4-byte selector (e.g. 0x095ea7b3) — the CLI derives the selector from the signature automatically.
  • --startDate and --startTime accept unix timestamps in seconds. When omitted, they default to the current time.
  • --action is required for redeem and must be one of: erc20Transfer, erc721Transfer, nativeTransfer, functionCall, ownershipTransfer, raw.
  • Supported chains for --chain in gator init: base (default), baseSepolia, sepolia.
Usage Guidance
This skill is functionally coherent with the gator CLI, but it will generate and store private keys and write configuration and delegation files under ~/.gator-cli and may perform on-chain transactions using your RPC endpoint. Before installing: 1) Verify the npm package @metamask/gator-cli (publisher, package page, and checksum/signature) and prefer installing in a sandbox or container. 2) Expect the tool to create/modify files in your home directory (~/.gator-cli); back up any important data first. 3) Treat rpcUrl and delegationStorage apiKey as sensitive: use a dedicated RPC endpoint or account and do not expose high-privilege keys. 4) If you need stronger protection for private keys, use a hardware wallet or avoid letting the CLI generate/store keys on your host. 5) If you want greater assurance, inspect the package source before running, or run commands with --profile pointing to a dedicated test profile. The metadata omission of the config paths is why I rate this suspicious rather than benign.
Capability Analysis
Type: OpenClaw Skill Name: gator-cli Version: 1.0.1 This skill is designed to operate the `@metamask/gator-cli` for blockchain delegation management. It is classified as suspicious primarily due to the explicit disclosure in `SKILL.md` under 'Operational Notes' that 'Private keys are stored in plaintext JSON.' While this is a vulnerability in the underlying `gator-cli` tool rather than direct malice by the skill author, the skill instructs the agent to interact with a system that handles and stores critical cryptographic material in an insecure manner. Additionally, the `gator` CLI's `redeem` command supports a 'raw' action type, allowing arbitrary `callData` to a target contract, which, if misused (e.g., via prompt injection against the agent), could lead to unauthorized or malicious smart contract interactions.
Capability Assessment
Purpose & Capability
Name/description, declared binary ('gator'), and the npm package @metamask/gator-cli are consistent with the stated purpose of operating the Gator CLI for delegation and account workflows.
Instruction Scope
SKILL.md instructs the agent to run gator commands that generate and use private keys, read and write profile configs, and perform on-chain actions (requires rpcUrl and optional delegationStorage apiKey). It references config/cache paths under ~/.gator-cli. Those behaviors are expected for a CLI of this type, but they involve highly sensitive local data (private keys, delegation records) and on-chain operations which the skill metadata did not explicitly enumerate as config paths or sensitive requirements.
Install Mechanism
Install uses npm global install of @metamask/gator-cli which is a typical distribution mechanism. This is a moderate-risk install (third-party package execution). Verify the package publisher/name/version before installing and prefer installing in an isolated environment if unsure.
Credentials
The skill declares no required env vars or config paths, but SKILL.md expects/creates profile configs (~/.gator-cli/...) containing rpcUrl and optionally delegationStorage apiKey and private keys. The metadata omission is a mismatch: the CLI will touch and create sensitive local files and secrets that were not declared in requires.env / requires.config. That lack of explicit declaration reduces transparency and is a risk for users who assume no credentials or local files are accessed.
Persistence & Privilege
always:false and no cross-skill config changes are requested. However, runtime use will write files to the user's home (~/.gator-cli), including generated private keys and delegation caches. This is expected for the tool but is a persistent local footprint the user should accept explicitly.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gator-cli
  3. After installation, invoke the skill by name or use /gator-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added quick global installation instructions using `npm install -g @metamask/gator-cli`. - Documented support for the `baseSepolia` chain in the `init` command. - Clarified scopes, required and optional flags, and added detail on default values for `--startDate` and `--startTime`. - For `functionCall` grants, explicitly documented the optional `--valueLte` flag. - Added a warning regarding private key storage in plaintext JSON and alpha state of the tool. - Made minor corrections and clarifications for improved usability and accuracy.
v1.0.0
- Initial release of the gator-cli skill. - Provides detailed reference for using the gator CLI to manage EOA upgrade, delegation grants, redemptions, revocations, and inspections. - Documents all commands, required and optional flags, configuration paths, grant scopes, redeem action types, and example usage flows.
Metadata
Slug gator-cli
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Gator CLI?

Use when you need to operate the @metamask/gator-cli to initialize profiles, upgrade EOA to EIP-7702, grant, redeem, and revoke ERC-7710 delegations, or insp... It is an AI Agent Skill for Claude Code / OpenClaw, with 631 downloads so far.

How do I install Gator CLI?

Run "/install gator-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gator CLI free?

Yes, Gator CLI is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gator CLI support?

Gator CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gator CLI?

It is built and maintained by AyushBherwani1998 (@ayushbherwani1998); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments