← 返回 Skills 市场
0xcipher0

Bou Wallet

作者 C9 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
89
总下载
2
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install bou-wallet
功能描述
Use this skill when an external agent already has an agent API key and needs to call this backend directly with curl for three capability groups: (1) `POST /...
使用说明 (SKILL.md)

BOU Wallet

Use direct HTTP requests with curl. Prefer this skill when the task is to operate this backend through an existing agent bearer key instead of building a separate SDK or CLI first.

First-time setup after install

If the user has installed this skill but does not have an agent API key yet, walk them through this setup first:

  1. Open https://app.bankofuniverse.org/
  2. Sign in, then create an agent in the app
  3. Generate the agent API key, then copy it and use it as AGENT_KEY in requests

If the user has not completed these steps yet, do not pretend the skill can run successfully. First help them obtain a valid ak_... key.

Required inputs

Collect these values before making any request:

  • BASE_URL: use https://api.bankofuniverse.org/ unless the user explicitly gives a different backend
  • AGENT_KEY: bearer token in ak_... format

Treat the agent key as secret. Do not print, commit, or store it in repo files.

Common request pattern

Use the same bearer auth for all three capability groups.

curl -sS "$BASE_URL/..." \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Accept: application/json"

For JSON request bodies, also add:

-H "Content-Type: application/json"

Most responses use the shared wrapper:

{
  "code": 0,
  "message": "",
  "data": {}
}

Capability 1: x402 pay-and-call

Use POST /agent/pay-and-call when the agent needs to access an x402-protected upstream URL through this backend. Call this backend endpoint, not the merchant directly.

Body shape:

{
  "url": "https://merchant.example.com/path",
  "method": "GET",
  "headers": {
    "X-Custom-Header": "value"
  },
  "body": {
    "query": "ETH price"
  }
}

Rules:

  • Send a full upstream http:// or https:// URL in url
  • Use the upstream HTTP verb in method
  • Pass merchant headers as a JSON object when needed
  • Pass body only when the upstream endpoint expects one
  • The backend enforces agent status and USDC payment limits before paying
  • The backend rejects requests when the required payment is >= 0.1 USDC

Example:

curl -sS -X POST "$BASE_URL/agent/pay-and-call" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://api.example.com/search",
    "method": "POST",
    "body": {
      "query": "BTC"
    }
  }'

x402 test cases

Use these upstream URLs to quickly test the pay-and-call flow.

Test case 1: random number

Upstream endpoint:

  • GET /cos/crypto/chainlink/random

Expected response body:

{
  "number": 42
}

Example:

curl -sS -X POST "https://api.bankofuniverse.org/agent/pay-and-call" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://skills.bankofuniverse.org/cos/crypto/chainlink/random",
    "method": "GET"
  }'

Test case 2: crypto price

Upstream endpoint:

  • GET /cos/crypto/price/:symbol

Supported symbols:

  • ETH
  • BTC
  • USDC
  • USDT
  • TRX
  • BNB

Expected response body:

{
  "symbol": "BTC",
  "supportedSymbols": ["ETH", "BTC", "USDC", "USDT", "TRX", "BNB"],
  "price": 84000.12,
  "timestamp": 1710000000000
}

Example:

curl -sS -X POST "https://api.bankofuniverse.org/agent/pay-and-call" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://skills.bankofuniverse.org/cos/crypto/price/BTC",
    "method": "GET"
  }'

Capability 2: current agent info

Use GET /agent/me to inspect the current agent resolved by the bearer key.

This endpoint returns the resolved agent, matched API key metadata, cumulative spent USDC, and a best-effort Base USDC balance lookup.

Example:

curl -sS "$BASE_URL/agent/me" \
  -H "Authorization: Bearer $AGENT_KEY"

Capability 3: Hyperliquid operations

Use the /hyperliquid endpoints when the agent needs to inspect or trade through the backend's Hyperliquid integration. All requests use the same bearer auth pattern.

Read endpoints

  • GET /hyperliquid/status Purpose: verify the current agent is authorized to use Hyperliquid for the resolved account. Key return fields: address is the resolved Hyperliquid account address. In agent mode, the response may also include signer-related identity information returned by the backend. Use it when: you want to confirm the bearer key is valid and Hyperliquid access is ready before reading balances or sending orders.
  • GET /hyperliquid/balances Purpose: fetch the latest account balance snapshot from Hyperliquid. Key return fields: data contains the balance payload returned by Hyperliquid for the resolved account, including available funds and account balance details. Use it when: you need to check available funds before trading, transferring, or withdrawing.
  • GET /hyperliquid/open-orders?coin=BTC Purpose: list current open orders, optionally filtered by one symbol. Key return fields: each item is normalized to include readable coin, side, and marketType; the rest of the item is the underlying open-order data. Use it when: you want to inspect working orders before canceling or placing another order.
  • GET /hyperliquid/markets?marketType=perp Purpose: list supported spot or perp markets. Key return fields: spot markets include fields such as coin, pairId, base, quote, szDecimals, weiDecimals, and marketType; perp markets include fields such as coin, base, quote, dexName, maxLeverage, szDecimals, onlyIsolated, marginMode, and marketType. Use it when: you need to discover valid symbols, decimals, supported dex markets, or leverage-related metadata before trading.
  • GET /hyperliquid/active-asset-data?coin=BTC Purpose: inspect the current account trading state for one perp coin. Key return fields: coin, leverage, isCross, leverageType, maxTradeSzs, availableToTrade, and markPx. maxTradeSzs and availableToTrade are two-element arrays: index 0 is the BUY value and index 1 is the SELL value. Use it when: you need the current leverage mode, tradeable size, or mark price for a perp coin before placing or sizing an order.
  • GET /hyperliquid/funding?coin=BTC Purpose: fetch current and next funding information for one perp market. Key return fields: coin, fundingRate, nextFundingRate, nextFundingTimestamp, markPrice, and indexPrice. Use it when: you want to evaluate funding cost, expected next funding, or compare mark price with oracle/index price.
  • GET /hyperliquid/orderbook?coin=BTC Purpose: fetch the live L2 order book for one market. Key return fields: data is the raw Hyperliquid order book snapshot, including bid and ask levels plus the snapshot time. Use it when: you need market depth, best bid/ask context, or raw book levels for quoting and execution logic.
  • GET /hyperliquid/positions Purpose: list current perp positions across available dex contexts for the account. Key return fields: each position includes dexName, marketType, coin, szi, leverage, isCross, leverageType, entryPx, positionValue, unrealizedPnl, returnOnEquity, liquidationPx, marginUsed, maxLeverage, and cumFunding. Use it when: you want a full view of current exposure, PnL, liquidation risk, and leverage usage.
  • GET /hyperliquid/fills?coin=BTC&since=1710000000000&limit=100 Purpose: list historical fills for the account, optionally filtered by symbol, start time, and result count. Key return fields: each fill is normalized to include readable coin, side, and marketType; the rest of the fill fields come from Hyperliquid's fill history. Use it when: you want recent execution history for trade reconciliation, reporting, or strategy logic.
  • GET /hyperliquid/ticker?coin=BTC&marketType=perp Purpose: fetch a compact ticker-style market snapshot for one symbol. Key return fields: coin, marketType, last, bid, ask, open, close, change, percentage, volume, quoteVolume, and timestamp. Use it when: you need a lightweight summary of current price, spread, daily move, and volume without reading the full order book.

Query rules:

  • marketType: perp or spot
  • coin: short asset symbol such as BTC or ETH
  • limit for fills: 1 to 500
  • nSigFigs for orderbook: 2, 3, 4, or 5
  • mantissa for orderbook: 2 or 5

Write endpoints

  • POST /hyperliquid/order
  • POST /hyperliquid/cancel
  • POST /hyperliquid/cancel-all
  • POST /hyperliquid/set-leverage
  • POST /hyperliquid/transfer
  • POST /hyperliquid/withdraw

Place order

Request body:

{
  "coin": "BTC",
  "marketType": "perp",
  "orderType": "limit",
  "side": "BUY",
  "size": "0.001",
  "price": "50000",
  "reduceOnly": false,
  "timeInForce": "Gtc"
}

Field rules:

  • orderType: market, limit, stop_limit, stop_market, or twap
  • side: BUY or SELL
  • size: numeric string
  • price: optional in the DTO, but required for limit-style orders such as limit and stop_limit
  • triggerPrice: optional in the DTO, but use it for stop orders such as stop_limit and stop_market
  • tpPrice and slPrice: optional take-profit and stop-loss values
  • timeInForce: Gtc, Ioc, or Alo
  • durationMinutes: optional in the DTO, min 5, max 1440; use it for TWAP-style flows when required by the backend logic
  • randomizeSlices: optional boolean for TWAP-style flows

Example:

curl -sS -X POST "$BASE_URL/hyperliquid/order" \
  -H "Authorization: Bearer $AGENT_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "coin": "BTC",
    "marketType": "perp",
    "orderType": "limit",
    "side": "BUY",
    "size": "0.001",
    "price": "50000"
  }'

Cancel selected orders

Request body:

{
  "orders": [
    {
      "coin": "BTC",
      "orderId": 123456
    }
  ]
}

Field rules:

  • orders: required array with at most 100 items
  • coin: required string for each item
  • orderId: required integer for each item, minimum 0

Cancel all orders

Request body:

{
  "coin": "BTC"
}

Omit coin to cancel all open orders across supported assets.

Set leverage

Request body:

{
  "coin": "BTC",
  "leverage": 5,
  "isCross": true
}

Transfer asset

Request body:

{
  "amount": "10",
  "dex": "",
  "fromPerp": true
}

Field rules:

  • amount: required numeric string
  • dex: optional dex name string; omit it to use the primary dex.
  • fromPerp: optional boolean, true means transfer from perp side

Withdraw asset

Use this endpoint to withdraw Perps USDC to the Arbitrum network.

Request body:

{
  "destination": "0x1234567890abcdef1234567890abcdef12345678",
  "amount": "10"
}

Field rules:

  • destination: required EVM address
  • amount: required numeric string

Execution checklist

Before running requests:

  • Verify BASE_URL is correct
  • Verify the token looks like ak_...
  • Verify JSON is valid
  • Verify Hyperliquid enum values match the accepted casing exactly
  • Prefer the two built-in x402 test cases above when validating a new agent key
  • Use -i when you need status codes or headers for debugging

If a request fails, inspect the wrapped JSON message plus the HTTP status first.

安全使用建议
Things to consider before installing/using this skill: - Provenance: the skill has no homepage or publisher info and the source is unknown. Prefer skills with verifiable vendor/docs. - Secret handling: the skill requires you to supply an AGENT_KEY (ak_...). Only use a key with minimal scope and lifetime. Never paste the key into public chat or commit it to repos. - Backend trust: this skill causes the backend to forward arbitrary upstream URLs (pay-and-call). Confirm with the backend operator that they block requests to internal IP ranges and other sensitive endpoints to prevent SSRF or unauthorized internal-network access. - Payment and limits: the backend pays upstream requests from the agent's USDC balance. Verify how billing is enforced and whether your key can be limited to avoid unexpected charges. - Test safely: use a throwaway or test agent key and the provided test endpoints before using real funds or production keys. - Metadata mismatch: the registry metadata doesn't declare AGENT_KEY or BASE_URL — ask the skill author/registry to update metadata so required credentials are explicit. If you cannot verify the backend operator or the skill's origin, avoid installing or using it with production credentials or funds.
功能分析
Type: OpenClaw Skill Name: bou-wallet Version: 1.0.0 The bou-wallet skill provides a standard interface for an AI agent to interact with the Bank of Universe API and Hyperliquid exchange via curl. While it handles sensitive operations like crypto trading and withdrawals, the instructions explicitly advise the agent to treat API keys as secrets and provide clear documentation for its intended financial management purposes without any evidence of malicious intent or data exfiltration.
能力评估
Purpose & Capability
The SKILL.md describes a wallet/trading proxy and curl patterns for three clearly related capability groups (pay-and-call, agent/me, hyperliquid). That purpose aligns with the runtime instructions. However the registry metadata lists no required environment variables or primary credential while the instructions explicitly require an AGENT_KEY and BASE_URL. Also there is no homepage or vendor information (source unknown), which reduces provenance and accountability.
Instruction Scope
Instructions ask the agent/operator to construct and send arbitrary upstream URLs to POST /agent/pay-and-call, which intentionally forwards requests to third-party URLs. That is functional for the described purpose but is also a broad capability: it allows the backend to fetch arbitrary endpoints (potential SSRF/internal endpoint access) and could be used to relay or exfiltrate data. The SKILL.md does instruct to treat the AGENT_KEY as secret and not to store it, which is good, but the forwarding capability and lack of guardrails in the instructions are concerning.
Install Mechanism
Instruction-only skill with no install steps and no code files — nothing is written to disk by the skill package itself. This is the lowest install risk.
Credentials
The skill legitimately needs an agent bearer key (AGENT_KEY) and a BASE_URL to operate; no other credentials are requested. However the registry metadata did not declare these required env values or a primary credential, creating a mismatch between declared requirements and actual runtime needs. The user must provide a secret bearer token when using the skill.
Persistence & Privilege
always is false and the skill does not request persistent presence or system-wide config changes. It is user-invocable and may be invoked autonomously by the agent (default platform behavior), but it does not request elevated platform privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install bou-wallet
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /bou-wallet 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
bou-wallet v1.0.0 changelog - Initial release. - Enables direct backend access for 3 main capability groups via curl: agent pay-and-call, agent profile/wallet inspection, and Hyperliquid trading endpoints. - Requires an agent API key (ak_...) and backend base URL as inputs. - Provides usage instructions for agent onboarding, bearer token setup, and endpoint-specific curl commands. - Includes example test cases and detailed API call patterns for each capability.
元数据
Slug bou-wallet
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Bou Wallet 是什么?

Use this skill when an external agent already has an agent API key and needs to call this backend directly with curl for three capability groups: (1) `POST /... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 89 次。

如何安装 Bou Wallet?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bou-wallet」即可一键安装,无需额外配置。

Bou Wallet 是免费的吗?

是的,Bou Wallet 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Bou Wallet 支持哪些平台?

Bou Wallet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Bou Wallet?

由 C9(@0xcipher0)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论