← Back to Skills Marketplace
bombmod

Liberfi Perpetuals

by bombmod · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
107
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install liberfi-perpetuals
Description
Query and trade perpetual futures through LiberFi's unified perpetuals API (openapi-server → perpetuals-server, Hyperliquid in MVP): list coins and markets,...
README (SKILL.md)

LiberFi Perpetuals

Perpetuals data and signed order relay flow via LiberFi OpenAPI (/v1/perpetuals/…perpetuals-server).

Pre-flight

See bootstrap.md for CLI install and lfi ping.

  • Read endpoints (coins, markets, orderbook, …): no auth.
  • User-scoped reads (positions, orders, fills): pass the wallet address (0x) as the positional argument. For first-person queries ("我的持仓", "my positions", etc.), the skill MUST auto-resolve the user's TEE EVM address via lfi statuslfi login key (if needed) → lfi whoami → use the returned evmAddress. NEVER ask the user for an address — the TEE wallet is server-managed and the user does not know it.
  • Order writes (order-prepare / order-submit, cancel variants): require a user wallet to sign typed data; agents must not fabricate signatures.
  • Deposit (recommended deposit-place): requires authentication (lfi status then lfi login key) — the server's TEE wallet signs and broadcasts on the user's behalf. The atomic deposit-quote / deposit-submit escape hatches do not require auth but the caller is then responsible for signing the SOL tx and broadcasting it themselves.

Skill routing

User intent Skill
Spot swap, bridge, gas send liberfi-swap
Trending spot tokens, new listings liberfi-market
Polymarket / Kalshi liberfi-predict
Spot token audit, DEX pools for a token liberfi-token
Perp markets, HL-style orderbook, perp positions liberfi-perpetuals
Funding the perp account (Solana → Hyperliquid via Relay), checking deposit lifecycle liberfi-perpetuals
Spot wallet holdings on a chain (not perp account) liberfi-portfolio

CLI index

Command Description
lfi perpetuals coins List tradable perp coins
lfi perpetuals markets Market snapshots (--symbols optional)
lfi perpetuals market \x3Csymbol> Single market
lfi perpetuals orderbook \x3Csymbol> L2 book (--max-level)
lfi perpetuals trades \x3Csymbol> Recent trades (--limit)
lfi perpetuals klines \x3Csymbol> Candles (--interval required)
lfi perpetuals positions \x3Caddress> Positions + margin summary
lfi perpetuals orders \x3Caddress> Open orders
lfi perpetuals fills \x3Caddress> Fill history
lfi perpetuals order-prepare Build typed data for place order
lfi perpetuals order-submit --body '\x3Cjson>' Submit signed place order
lfi perpetuals cancel-prepare Build typed data for cancel
lfi perpetuals cancel-submit --body '\x3Cjson>' Submit signed cancel
lfi perpetuals deposit-place --gross-lamports \x3Cn> Recommended: TEE one-click Solana → Hyperliquid deposit (server quotes, signs, broadcasts, submits). Auth required.
lfi perpetuals deposit-quote --user-solana-address \x3Ca> --hyperliquid-recipient \x3Ca> --gross-lamports \x3Cn> Escape hatch step 1: returns unsigned SOL tx + breakdown. Caller signs + broadcasts within ~30s, then calls deposit-submit.
lfi perpetuals deposit-submit --body '\x3Cjson>' Escape hatch step 2: record the broadcasted SOL tx hash. Idempotent on solanaTxHash.
lfi perpetuals deposit-status \x3CintentId> [--refresh] Read deposit lifecycle. --refresh bypasses any server-side cache (server-reserved knob; today both endpoints behave identically).

Common flags: --provider \x3Cname> (e.g. hyperliquid), global --json.

Funding / Deposit (Solana → Hyperliquid via Relay)

The deposit pipeline moves SOL from the user's Solana wallet to the user's Hyperliquid perp account via the Relay bridge service. The recommended path is the one-click TEE auto-flow:

  1. Authenticate (only first time): lfi status --json; if not logged in, lfi login key --role AGENT --name "\x3Cagent>" --json.
  2. Confirm intent with the user (amount in SOL, recipient if non-default).
  3. Place: lfi perpetuals deposit-place --gross-lamports \x3Clamports> --json
    • lamports = SOL × 1_000_000_000 (1 SOL = 1e9 lamports).
    • --hyperliquid-recipient is optional — defaults to the user's TEE EVM address (lfi whoami evmAddress), which is what 99% of users want.
  4. Capture the returned intentId and solanaTxHash.
  5. Poll: lfi perpetuals deposit-status \x3CintentId> --json until status is settled (typical: 30–120 s).

Server returns status: "broadcasted" immediately after step 3; the reconciliation loop progresses through relay_waiting → relay_pending → settled (or failed_* states). On failure consult the statusHistory[] and lastError fields for the recoverable / non- recoverable distinction.

For the atomic escape-hatch flow (when the user controls their own SOL private key outside the TEE, or recovering from a partial failure where the SOL tx has been broadcasted but submit did not succeed), see reference/deposit-flow.md.

Typical flows

Market overview

  1. lfi perpetuals markets --json
  2. Present symbol, mark price, funding where present.

Depth + tape

  1. lfi perpetuals orderbook BTC --json
  2. lfi perpetuals trades BTC --limit 20 --json

Positions for a known wallet

  1. lfi perpetuals positions 0xYourAddr --json

"My ..." auto-flow (CRITICAL — covers "我的", "my", "我自己")

If the user says "我有什么永续持仓", "我的合约持仓", "my perp positions", "我在 Hyperliquid 上挂了哪些单", "我永续盈亏", "show my fills" or any first-person variant — DO NOT ask for a wallet address. Run this exact sequence:

  1. Check session: lfi status --json
  2. If not authenticated: lfi login key --role AGENT --name "OpenClawAgent" --json
  3. Fetch TEE wallet address: lfi whoami --json → returns evmAddress (the user's TEE EVM address managed by the LiberFi server).
  4. Run the matching query with the EVM address as the positional arg:
    • Positions: lfi perpetuals positions \x3CevmAddress> --json
    • Open orders: lfi perpetuals orders \x3CevmAddress> --json
    • Fill history: lfi perpetuals fills \x3CevmAddress> --limit 20 --json
  5. Present the result. If positions / orders / fills are empty, say so directly — do not retry with a different address; an empty result is the correct answer for a fresh TEE wallet.

The user does not know their EVM address — the LiberFi server holds the TEE wallet. The skill must resolve "我" → TEE wallet via whoami, transparently.

Place order (human-in-the-loop)

  1. lfi perpetuals order-prepare --user-address 0x… --symbol BTC --side long --order-type limit --amount 0.01 --price 95000 --json
  2. User signs returned typedData with their wallet (e.g. MetaMask eth_signTypedData_v4).
  3. Build SignedAction: action, nonce, signature (0x), optional vaultAddress from prepare response.
  4. After explicit confirmation: lfi perpetuals order-submit --body '{"action":…,"nonce":…,"signature":"0x…"}' --json

API path reminder

All CLI calls hit OpenAPI paths under /v1/perpetuals/…, which the gateway proxies to perpetuals-server /v1/…. Configure the gateway with UPSTREAM_PERPETUALS_SERVICE_BASE_URL (default local example: http://localhost:8083 — avoid colliding with openapi :8080 and prediction :8082; run perpetuals-server with SERVER_PORT=8083 when colocated).

Usage Guidance
This skill claims to be a LiberFi perpetuals helper and largely documents the correct CLI flows, but it contains risky runtime instructions: it tells the agent to install a global npm package without asking, to retry registries and assert the package exists, and to perform agent-mode logins that create/use credentials. Before installing or enabling this skill you should: (1) refuse automatic installs — require explicit, per-install user consent for any npm -g action; (2) verify the CLI package on npmjs.org and that the package owner/publisher matches LiberFi (check package page, tarball, and repository); (3) request the skill author/source/homepage or the CLI repository to inspect code and confirm authenticity; (4) require that the agent ask the user before any login that creates agent credentials or before any deposit/order-submit operation; (5) run the skill in an isolated environment (sandbox/container) first to observe behavior; and (6) prefer to allow only read-only commands by default and block any automatic global installs or automatic agent login flows. If you want to proceed, ask the author for an explicit install spec (signed release URL or verified package) and a way to opt into performing the lfi login interactively rather than automatically.
Capability Analysis
Type: OpenClaw Skill Name: liberfi-perpetuals Version: 1.1.1 The skill bundle for 'liberfi-perpetuals' is classified as suspicious due to instructions in SKILL.md that command the agent to automatically install a global NPM package (@liberfi.io/cli) without user consent and to perform automated logins (lfi login key) to access server-managed TEE wallets. While these actions are aligned with the stated purpose of trading on LiberFi, the 'silent' installation and automated credential handling represent significant security risks and high-privilege operations that bypass typical user confirmation steps.
Capability Tags
cryptorequires-walletrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description match the allowed lfi commands and the SKILL.md focuses on perpetuals market data, orders, and deposits. However, the skill omits any declared install step while the instructions require installing a global npm package (@liberfi.io/cli) and using privileged agent login flows; those runtime requirements are not captured in the manifest and are not obviously necessary to declare at install time.
Instruction Scope
SKILL.md explicitly instructs the agent to install the CLI unilaterally ('install it WITHOUT asking the user') and to run agent-mode login (lfi login key --role AGENT --name "OpenClawAgent") to resolve the user's TEE wallet. It also tells the agent to auto-resolve the TEE EVM address and never ask the user for it. These are sensitive operations (global installs, credential provisioning, automated logins) outside a simple query/formatting scope and grant the agent significant capability to alter the host environment and to authenticate.
Install Mechanism
There is no registry install spec in the skill metadata; instead the SKILL.md instructs runtime installation via npm install -g @liberfi.io/cli from the public registry. Installing an npm package globally at runtime is a moderate-to-high risk action when performed without explicit user consent. The SKILL.md further instructs to retry with a specific registry URL and to assert that the package exists even if installation fails, which is suspicious guidance for an unattended install.
Credentials
The manifest lists no required environment variables or credentials, but the instructions expect the agent to run login flows that will create or use credentials (TEE wallet, LiberFi JWT) and to perform signing flows. Asking the agent to create an 'AGENT' key and act as an agent identity is a privileged action not reflected in required env/config metadata and is disproportionate for a simple read/query skill unless the user explicitly consents.
Persistence & Privilege
always:false (good) but the instructions enable persistent changes: global npm install, creating an agent login/credential, and using the TEE wallet via automated resolution. Those produce lasting system-side effects and credentials. Autonomous invocation combined with the instruction to auto-install and auto-login increases blast radius if the agent acts without user confirmation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install liberfi-perpetuals
  3. After installation, invoke the skill by name or use /liberfi-perpetuals
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Auto-resolve TEE evmAddress for first-person perp queries (positions/orders/fills)
v1.1.0
Add deposit one-click flow + reference doc + e2e tests
v1.0.0
Initial release of LiberFi Perpetuals skill. - Enables querying and trading perpetual futures via LiberFi's unified perpetuals API. - Supports market/coin listings, order books, trades, K-lines, and wallet-linked positions, orders, and fills. - Implements two-phase signed order and cancel flows for secure trading. - Requires CLI tool (`lfi`/`liberfi`); auto-installs if missing. - Designed exclusively for perp venue data and trading—routes other intents to relevant LiberFi skills.
Metadata
Slug liberfi-perpetuals
Version 1.1.1
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is Liberfi Perpetuals?

Query and trade perpetual futures through LiberFi's unified perpetuals API (openapi-server → perpetuals-server, Hyperliquid in MVP): list coins and markets,... It is an AI Agent Skill for Claude Code / OpenClaw, with 107 downloads so far.

How do I install Liberfi Perpetuals?

Run "/install liberfi-perpetuals" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Liberfi Perpetuals free?

Yes, Liberfi Perpetuals is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Liberfi Perpetuals support?

Liberfi Perpetuals is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Liberfi Perpetuals?

It is built and maintained by bombmod (@bombmod); the current version is v1.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments