← Back to Skills Marketplace
0xcipher0

Bou Wallet

by C9 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
89
Downloads
2
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install bou-wallet
Description
Use this skill when an external agent already has an agent API key and needs to call this backend directly with curl for three capability groups: (1) `POST /...
README (SKILL.md)

BOU Wallet

Use direct HTTP requests with curl. Prefer this skill when the task is to operate this backend through an existing agent bearer key instead of building a separate SDK or CLI first.

First-time setup after install

If the user has installed this skill but does not have an agent API key yet, walk them through this setup first:

  1. Open https://app.bankofuniverse.org/
  2. Sign in, then create an agent in the app
  3. Generate the agent API key, then copy it and use it as AGENT_KEY in requests

If the user has not completed these steps yet, do not pretend the skill can run successfully. First help them obtain a valid ak_... key.

Required inputs

Collect these values before making any request:

  • BASE_URL: use https://api.bankofuniverse.org/ unless the user explicitly gives a different backend
  • AGENT_KEY: bearer token in ak_... format

Treat the agent key as secret. Do not print, commit, or store it in repo files.

Common request pattern

Use the same bearer auth for all three capability groups.

curl -sS "$BASE_URL/..." \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Accept: application/json"

For JSON request bodies, also add:

-H "Content-Type: application/json"

Most responses use the shared wrapper:

{
  "code": 0,
  "message": "",
  "data": {}
}

Capability 1: x402 pay-and-call

Use POST /agent/pay-and-call when the agent needs to access an x402-protected upstream URL through this backend. Call this backend endpoint, not the merchant directly.

Body shape:

{
  "url": "https://merchant.example.com/path",
  "method": "GET",
  "headers": {
    "X-Custom-Header": "value"
  },
  "body": {
    "query": "ETH price"
  }
}

Rules:

  • Send a full upstream http:// or https:// URL in url
  • Use the upstream HTTP verb in method
  • Pass merchant headers as a JSON object when needed
  • Pass body only when the upstream endpoint expects one
  • The backend enforces agent status and USDC payment limits before paying
  • The backend rejects requests when the required payment is >= 0.1 USDC

Example:

curl -sS -X POST "$BASE_URL/agent/pay-and-call" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://api.example.com/search",
    "method": "POST",
    "body": {
      "query": "BTC"
    }
  }'

x402 test cases

Use these upstream URLs to quickly test the pay-and-call flow.

Test case 1: random number

Upstream endpoint:

  • GET /cos/crypto/chainlink/random

Expected response body:

{
  "number": 42
}

Example:

curl -sS -X POST "https://api.bankofuniverse.org/agent/pay-and-call" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://skills.bankofuniverse.org/cos/crypto/chainlink/random",
    "method": "GET"
  }'

Test case 2: crypto price

Upstream endpoint:

  • GET /cos/crypto/price/:symbol

Supported symbols:

  • ETH
  • BTC
  • USDC
  • USDT
  • TRX
  • BNB

Expected response body:

{
  "symbol": "BTC",
  "supportedSymbols": ["ETH", "BTC", "USDC", "USDT", "TRX", "BNB"],
  "price": 84000.12,
  "timestamp": 1710000000000
}

Example:

curl -sS -X POST "https://api.bankofuniverse.org/agent/pay-and-call" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://skills.bankofuniverse.org/cos/crypto/price/BTC",
    "method": "GET"
  }'

Capability 2: current agent info

Use GET /agent/me to inspect the current agent resolved by the bearer key.

This endpoint returns the resolved agent, matched API key metadata, cumulative spent USDC, and a best-effort Base USDC balance lookup.

Example:

curl -sS "$BASE_URL/agent/me" \
  -H "Authorization: Bearer $AGENT_KEY"

Capability 3: Hyperliquid operations

Use the /hyperliquid endpoints when the agent needs to inspect or trade through the backend's Hyperliquid integration. All requests use the same bearer auth pattern.

Read endpoints

  • GET /hyperliquid/status Purpose: verify the current agent is authorized to use Hyperliquid for the resolved account. Key return fields: address is the resolved Hyperliquid account address. In agent mode, the response may also include signer-related identity information returned by the backend. Use it when: you want to confirm the bearer key is valid and Hyperliquid access is ready before reading balances or sending orders.
  • GET /hyperliquid/balances Purpose: fetch the latest account balance snapshot from Hyperliquid. Key return fields: data contains the balance payload returned by Hyperliquid for the resolved account, including available funds and account balance details. Use it when: you need to check available funds before trading, transferring, or withdrawing.
  • GET /hyperliquid/open-orders?coin=BTC Purpose: list current open orders, optionally filtered by one symbol. Key return fields: each item is normalized to include readable coin, side, and marketType; the rest of the item is the underlying open-order data. Use it when: you want to inspect working orders before canceling or placing another order.
  • GET /hyperliquid/markets?marketType=perp Purpose: list supported spot or perp markets. Key return fields: spot markets include fields such as coin, pairId, base, quote, szDecimals, weiDecimals, and marketType; perp markets include fields such as coin, base, quote, dexName, maxLeverage, szDecimals, onlyIsolated, marginMode, and marketType. Use it when: you need to discover valid symbols, decimals, supported dex markets, or leverage-related metadata before trading.
  • GET /hyperliquid/active-asset-data?coin=BTC Purpose: inspect the current account trading state for one perp coin. Key return fields: coin, leverage, isCross, leverageType, maxTradeSzs, availableToTrade, and markPx. maxTradeSzs and availableToTrade are two-element arrays: index 0 is the BUY value and index 1 is the SELL value. Use it when: you need the current leverage mode, tradeable size, or mark price for a perp coin before placing or sizing an order.
  • GET /hyperliquid/funding?coin=BTC Purpose: fetch current and next funding information for one perp market. Key return fields: coin, fundingRate, nextFundingRate, nextFundingTimestamp, markPrice, and indexPrice. Use it when: you want to evaluate funding cost, expected next funding, or compare mark price with oracle/index price.
  • GET /hyperliquid/orderbook?coin=BTC Purpose: fetch the live L2 order book for one market. Key return fields: data is the raw Hyperliquid order book snapshot, including bid and ask levels plus the snapshot time. Use it when: you need market depth, best bid/ask context, or raw book levels for quoting and execution logic.
  • GET /hyperliquid/positions Purpose: list current perp positions across available dex contexts for the account. Key return fields: each position includes dexName, marketType, coin, szi, leverage, isCross, leverageType, entryPx, positionValue, unrealizedPnl, returnOnEquity, liquidationPx, marginUsed, maxLeverage, and cumFunding. Use it when: you want a full view of current exposure, PnL, liquidation risk, and leverage usage.
  • GET /hyperliquid/fills?coin=BTC&since=1710000000000&limit=100 Purpose: list historical fills for the account, optionally filtered by symbol, start time, and result count. Key return fields: each fill is normalized to include readable coin, side, and marketType; the rest of the fill fields come from Hyperliquid's fill history. Use it when: you want recent execution history for trade reconciliation, reporting, or strategy logic.
  • GET /hyperliquid/ticker?coin=BTC&marketType=perp Purpose: fetch a compact ticker-style market snapshot for one symbol. Key return fields: coin, marketType, last, bid, ask, open, close, change, percentage, volume, quoteVolume, and timestamp. Use it when: you need a lightweight summary of current price, spread, daily move, and volume without reading the full order book.

Query rules:

  • marketType: perp or spot
  • coin: short asset symbol such as BTC or ETH
  • limit for fills: 1 to 500
  • nSigFigs for orderbook: 2, 3, 4, or 5
  • mantissa for orderbook: 2 or 5

Write endpoints

  • POST /hyperliquid/order
  • POST /hyperliquid/cancel
  • POST /hyperliquid/cancel-all
  • POST /hyperliquid/set-leverage
  • POST /hyperliquid/transfer
  • POST /hyperliquid/withdraw

Place order

Request body:

{
  "coin": "BTC",
  "marketType": "perp",
  "orderType": "limit",
  "side": "BUY",
  "size": "0.001",
  "price": "50000",
  "reduceOnly": false,
  "timeInForce": "Gtc"
}

Field rules:

  • orderType: market, limit, stop_limit, stop_market, or twap
  • side: BUY or SELL
  • size: numeric string
  • price: optional in the DTO, but required for limit-style orders such as limit and stop_limit
  • triggerPrice: optional in the DTO, but use it for stop orders such as stop_limit and stop_market
  • tpPrice and slPrice: optional take-profit and stop-loss values
  • timeInForce: Gtc, Ioc, or Alo
  • durationMinutes: optional in the DTO, min 5, max 1440; use it for TWAP-style flows when required by the backend logic
  • randomizeSlices: optional boolean for TWAP-style flows

Example:

curl -sS -X POST "$BASE_URL/hyperliquid/order" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "coin": "BTC",
    "marketType": "perp",
    "orderType": "limit",
    "side": "BUY",
    "size": "0.001",
    "price": "50000"
  }'

Cancel selected orders

Request body:

{
  "orders": [
    {
      "coin": "BTC",
      "orderId": 123456
    }
  ]
}

Field rules:

  • orders: required array with at most 100 items
  • coin: required string for each item
  • orderId: required integer for each item, minimum 0

Cancel all orders

Request body:

{
  "coin": "BTC"
}

Omit coin to cancel all open orders across supported assets.

Set leverage

Request body:

{
  "coin": "BTC",
  "leverage": 5,
  "isCross": true
}

Transfer asset

Request body:

{
  "amount": "10",
  "dex": "",
  "fromPerp": true
}

Field rules:

  • amount: required numeric string
  • dex: optional dex name string; omit it to use the primary dex.
  • fromPerp: optional boolean, true means transfer from perp side

Withdraw asset

Use this endpoint to withdraw Perps USDC to the Arbitrum network.

Request body:

{
  "destination": "0x1234567890abcdef1234567890abcdef12345678",
  "amount": "10"
}

Field rules:

  • destination: required EVM address
  • amount: required numeric string

Execution checklist

Before running requests:

  • Verify BASE_URL is correct
  • Verify the token looks like ak_...
  • Verify JSON is valid
  • Verify Hyperliquid enum values match the accepted casing exactly
  • Prefer the two built-in x402 test cases above when validating a new agent key
  • Use -i when you need status codes or headers for debugging

If a request fails, inspect the wrapped JSON message plus the HTTP status first.

Usage Guidance
Things to consider before installing/using this skill: - Provenance: the skill has no homepage or publisher info and the source is unknown. Prefer skills with verifiable vendor/docs. - Secret handling: the skill requires you to supply an AGENT_KEY (ak_...). Only use a key with minimal scope and lifetime. Never paste the key into public chat or commit it to repos. - Backend trust: this skill causes the backend to forward arbitrary upstream URLs (pay-and-call). Confirm with the backend operator that they block requests to internal IP ranges and other sensitive endpoints to prevent SSRF or unauthorized internal-network access. - Payment and limits: the backend pays upstream requests from the agent's USDC balance. Verify how billing is enforced and whether your key can be limited to avoid unexpected charges. - Test safely: use a throwaway or test agent key and the provided test endpoints before using real funds or production keys. - Metadata mismatch: the registry metadata doesn't declare AGENT_KEY or BASE_URL — ask the skill author/registry to update metadata so required credentials are explicit. If you cannot verify the backend operator or the skill's origin, avoid installing or using it with production credentials or funds.
Capability Analysis
Type: OpenClaw Skill Name: bou-wallet Version: 1.0.0 The bou-wallet skill provides a standard interface for an AI agent to interact with the Bank of Universe API and Hyperliquid exchange via curl. While it handles sensitive operations like crypto trading and withdrawals, the instructions explicitly advise the agent to treat API keys as secrets and provide clear documentation for its intended financial management purposes without any evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The SKILL.md describes a wallet/trading proxy and curl patterns for three clearly related capability groups (pay-and-call, agent/me, hyperliquid). That purpose aligns with the runtime instructions. However the registry metadata lists no required environment variables or primary credential while the instructions explicitly require an AGENT_KEY and BASE_URL. Also there is no homepage or vendor information (source unknown), which reduces provenance and accountability.
Instruction Scope
Instructions ask the agent/operator to construct and send arbitrary upstream URLs to POST /agent/pay-and-call, which intentionally forwards requests to third-party URLs. That is functional for the described purpose but is also a broad capability: it allows the backend to fetch arbitrary endpoints (potential SSRF/internal endpoint access) and could be used to relay or exfiltrate data. The SKILL.md does instruct to treat the AGENT_KEY as secret and not to store it, which is good, but the forwarding capability and lack of guardrails in the instructions are concerning.
Install Mechanism
Instruction-only skill with no install steps and no code files — nothing is written to disk by the skill package itself. This is the lowest install risk.
Credentials
The skill legitimately needs an agent bearer key (AGENT_KEY) and a BASE_URL to operate; no other credentials are requested. However the registry metadata did not declare these required env values or a primary credential, creating a mismatch between declared requirements and actual runtime needs. The user must provide a secret bearer token when using the skill.
Persistence & Privilege
always is false and the skill does not request persistent presence or system-wide config changes. It is user-invocable and may be invoked autonomously by the agent (default platform behavior), but it does not request elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bou-wallet
  3. After installation, invoke the skill by name or use /bou-wallet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
bou-wallet v1.0.0 changelog - Initial release. - Enables direct backend access for 3 main capability groups via curl: agent pay-and-call, agent profile/wallet inspection, and Hyperliquid trading endpoints. - Requires an agent API key (ak_...) and backend base URL as inputs. - Provides usage instructions for agent onboarding, bearer token setup, and endpoint-specific curl commands. - Includes example test cases and detailed API call patterns for each capability.
Metadata
Slug bou-wallet
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Bou Wallet?

Use this skill when an external agent already has an agent API key and needs to call this backend directly with curl for three capability groups: (1) `POST /... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.

How do I install Bou Wallet?

Run "/install bou-wallet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bou Wallet free?

Yes, Bou Wallet is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Bou Wallet support?

Bou Wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bou Wallet?

It is built and maintained by C9 (@0xcipher0); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments