← 返回 Skills 市场
ClankerKit
作者
Wahid Shaikh
· GitHub ↗
· v0.1.0
539
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install clankerkit
功能描述
Autonomous wallet operations for AI agents on Monad — swap, stake, deploy wallets, trade memecoins, and manage spending policies via natural language.
使用说明 (SKILL.md)
ClankerKit - Autonomous Wallet for AI Agents on Monad
ClankerKit gives your AI agent autonomous financial capabilities on Monad blockchain. Deploy a smart contract wallet, set spending policies, swap tokens via Kuru DEX, stake MON, trade memecoins with strategies, and execute cross-chain swaps.
Quick Start
# Install the skill
claw skill install clankerkit
Environment Variables
| Variable | Required | Description |
|---|---|---|
AGENT_WALLET_ADDRESS |
Yes | Deployed AgentWallet contract address |
POLICY_ENGINE_ADDRESS |
Yes | Deployed PolicyEngine contract address |
AGENT_PRIVATE_KEY |
Yes | Agent's private key (with 0x prefix) |
OWNER_ADDRESS |
Yes | Human owner address |
MONAD_RPC_URL |
No | Monad RPC URL (default: testnet) |
MONAD_NETWORK |
No | testnet or mainnet (default: testnet) |
ZEROX_API_KEY |
No | 0x Swap API key (only for zerox_swap) |
Tools (32 total)
Wallet Management
get_wallet_info
Get wallet address, owner, agent, MON balance, and policy state.
get_token_balance
Get ERC-20 token balance of the agent wallet.
- token: Token symbol (WMON, USDC, CHOG, DAK, YAKI) or contract address
send_tokens
Send native MON tokens from the wallet.
- to: Recipient address
- amount: Amount in human-readable form (e.g. "0.5")
send_token
Send ERC-20 tokens from the wallet.
- token: Token contract address
- to: Recipient address
- amount: Amount in human-readable form
execute_transaction
Execute an arbitrary contract call via the wallet.
- target: Target contract address
- value: Native MON to send (wei, default "0")
- data: Encoded calldata (hex)
ensure_gas
Ensure the agent EOA has enough MON for gas fees. If the EOA balance is below the minimum threshold, automatically sends MON from the AgentWallet contract to the EOA. Users only need to fund the wallet contract — the agent tops up its own gas from there.
- minBalance: Minimum acceptable EOA balance in MON (human-readable, default "0.01")
- topUpAmount: Amount of MON to send to EOA if below minimum (human-readable, default "0.05")
Policy & Security
get_policy
View current spending limits (daily/weekly), usage, and allowlists.
create_policy
Create a spending policy. Must be called once before guarded transactions work.
- dailyLimit: Max MON per day (human-readable, e.g. "1.0")
- weeklyLimit: Max MON per week (defaults to 7x daily)
- allowedTokens: Optional ERC-20 address allowlist
- allowedContracts: Optional contract address allowlist
- requireApprovalAbove: MON threshold for owner approval
update_daily_limit
Update the daily spending limit.
- newLimit: New limit in human-readable MON
Token Swaps (Kuru DEX)
swap_tokens
Swap tokens on Monad via Kuru Flow aggregator. Accepts symbols (MON, USDC, WMON, CHOG, DAK, AUSD, WETH, WBTC) or contract addresses.
- tokenIn: Source token (symbol or address)
- tokenOut: Destination token (symbol or address)
- amount: Human-readable amount (e.g. "0.01")
- slippage: Slippage in bps (default: 50 = 0.5%)
get_swap_quote
Get a swap quote without executing.
- tokenIn, tokenOut, amount: Same as
swap_tokens
Staking
stake_mon
Stake MON with a validator to earn rewards.
- amount: MON to stake (human-readable)
- validatorId: Validator ID (optional, uses default)
unstake_mon
Begin unstaking MON from a validator.
- amount: MON to unstake (human-readable)
- validatorId: Validator ID (optional)
- withdrawId: Withdrawal ID (default: 0)
withdraw_stake
Withdraw unstaked MON after the 1-epoch delay.
- validatorId, withdrawId: Optional
claim_staking_rewards
Claim accumulated staking rewards.
- validatorId: Optional
compound_rewards
Re-stake accumulated rewards.
- validatorId: Optional
get_staking_info
Get delegation info (staked amount, unclaimed rewards).
- validatorId: Optional
Kuru CLOB Orderbook Trading
get_kuru_markets
List known Kuru CLOB orderbook markets on Monad mainnet.
get_order_book
Fetch live L2 order book (bids/asks) for a Kuru CLOB market.
- marketAddress: Orderbook contract address
get_market_price
Get best bid, ask, and mid price for a Kuru CLOB market.
- marketAddress: Orderbook contract address
kuru_market_order
Place a market (IOC) order on a Kuru CLOB market. Agent EOA must hold tokens.
- marketAddress: Orderbook contract address
- amount: Human-readable float
- isBuy: true for buy, false for sell
- minAmountOut: Minimum output (default: 0)
- slippageBps: Slippage in bps (default: 100)
kuru_limit_order
Place a limit (GTC) order on a Kuru CLOB market.
- marketAddress: Orderbook contract address
- price: Price in quote asset (float)
- size: Size in base asset (float)
- isBuy: true for bid, false for ask
- postOnly: Reject if it crosses spread (default: false)
cancel_kuru_orders
Cancel open orders on a Kuru CLOB market.
- marketAddress: Orderbook contract address
- orderIds: Array of order ID strings
Memecoin Trading
get_meme_tokens
Get live price metrics for all known Monad memecoins (DAK, CHOG, YAKI). Uses CLOB orderbooks with Kuru Flow fallback.
get_token_price
Get live price for a specific token by symbol or contract address.
- token: Symbol (DAK, CHOG, YAKI) or contract address
smart_trade
Evaluate or execute an autonomous trading strategy.
- token: Token symbol
- strategyType:
dca,momentum,scalp, orhodl - budgetMon: Total budget in MON
- stopLoss: Stop-loss fraction (default: 0.1 = -10%)
- takeProfit: Take-profit fraction (default: 0.3 = +30%)
- dcaIntervals: Number of DCA buys (default: 5)
- momentumThreshold: Min 24h change for momentum (default: 0.05)
- autoExecute: Execute trades or dry-run (default: false)
Cross-Chain Swaps
kyber_swap
Swap on Ethereum/Polygon/Arbitrum/Optimism/Base/BSC/Avalanche via KyberSwap. No API key needed. Uses agent EOA (not wallet contract).
- chain: Target chain name
- tokenIn, tokenOut: Token addresses on target chain
- amountIn: Amount in smallest unit (wei)
- slippageBps: Slippage (default: 50)
- recipient: Recipient address (default: agent EOA)
zerox_swap
Swap via 0x Swap API v2. Requires ZEROX_API_KEY.
- chain, tokenIn, tokenOut, amountIn, slippageBps: Same as
kyber_swap
Payments & Identity
pay_for_service
Pay for an x402-enabled API endpoint.
- endpoint: API endpoint URL
- amount: Payment in USDC
register_agent
Register on ERC-8004 identity registry.
- name: Agent name
- description: Agent description
Deployment
deploy_policy_engine
Deploy a new PolicyEngine contract. The deployer becomes the owner. No parameters needed.
deploy_agent_wallet
Deploy a new AgentWallet contract. Optionally deploys PolicyEngine too.
- owner: Address that owns the wallet
- agent: Agent EOA address allowed to call execute()
- policyEngine: Optional existing PolicyEngine address
Security Features
- Spending Limits: Daily and weekly caps on agent spending
- Token Allowlists: Restrict which tokens the agent can transfer
- Contract Whitelists: Only allow calls to approved contracts
- Approval Thresholds: Require human approval above certain amounts
- Emergency Controls: Owner can pause or withdraw funds anytime
- Access Control: PolicyEngine recordExecution() only callable by the wallet contract
Example Session
User: Check my gas and fund up if needed
Agent: [calls ensure_gas]
EOA already has sufficient gas balance. EOA: 0.221 MON, Wallet: 0.075 MON.
User: Set a daily limit of 2 MON
Agent: [calls create_policy with dailyLimit="2.0"]
Policy created: 2 MON daily, 14 MON weekly.
User: Swap 0.1 MON for CHOG
Agent: [calls swap_tokens with tokenIn="MON", tokenOut="CHOG", amount="0.1"]
Swapped 0.1 MON -> 2.71 CHOG via Kuru Flow.
User: What's my portfolio?
Agent: [calls get_wallet_info, get_meme_tokens, get_staking_info]
Wallet: 1.9 MON
CHOG: 2.71 (worth ~0.1 MON)
Staked: 0.5 MON with validator #1
License
MIT
安全使用建议
This skill gives an agent the ability to sign and send real blockchain transactions. Before installing: (1) verify the package/source/author provenance — source/homepage are missing and versions in files disagree; (2) do not set a mainnet private key unless you fully trust the skill and have reviewed the code and dependencies; test on testnet first; (3) prefer a restricted signer or hardware signing gateway rather than putting a raw private key into an environment variable; (4) review the 'pay_for_service' and 'execute_transaction' tools — they allow arbitrary payments and calldata; set conservative policy limits and owner-approval thresholds; (5) inspect the npm dependency 'clankerkit' and package-lock for malicious packages before letting the platform run npm install. If you cannot confirm provenance and review dependencies, treat this as high-risk and avoid providing real funds or private keys.
功能分析
Package: clankerkit (mcp)
Version: 0.2.0
Description: ClankerKit — Autonomous wallet operations for AI agents on Monad — swap, stake, deploy, trade memecoins, and manage spending policies
The package `clankerkit` provides a comprehensive set of tools for autonomous wallet operations on Monad and other blockchains, primarily for AI agents. It leverages a smart contract wallet (`AgentWallet`) with a `PolicyEngine` for spending limits and access control. However, the package is classified as SUSPICIOUS due to critical security design choices and potentially misleading security claims.
**Key Concerns:**
1. **Direct EOA Control and Policy Bypass:** The `AGENT_PRIVATE_KEY` is loaded directly from environment variables and used for certain high-value operations, specifically cross-chain swaps (`kyber_swap`, `zerox_swap`) and contract deployments (`deploy_policy_engine`, `deploy_agent_wallet`). These operations are executed directly by the Agent's EOA (Externally Owned Account) and *bypass* the spending limits and approval policies enforced by the `AgentWallet` smart contract. This directly contradicts the security claims in `README.md` and `SKILL.md` that state "Agent can only spend within policy limits" and "Transactions above threshold require owner approval."
2. **Powerful `execute_transaction` Tool:** The `execute_transaction` tool allows the agent to execute arbitrary contract calls with specified target, value, and calldata. While intended for flexibility, this is a highly powerful primitive that, if misused or if the underlying `AgentWallet` contract has vulnerabilities, could lead to unauthorized fund movement or contract interaction.
3. **Misleading Security Assurances:** The discrepancy between the advertised security features (policy limits, owner approval) and the actual implementation where certain operations bypass these controls via direct EOA usage could lead users to a false sense of security regarding the protection of their funds.
While the code does not contain explicit malicious logic (e.g., private key exfiltration), the direct exposure and use of the `AGENT_PRIVATE_KEY` for operations outside the smart contract's policy scope significantly increases the attack surface and the risk of unauthorized fund loss if the AI agent or its execution environment is compromised.
能力标签
能力评估
Purpose & Capability
The name/description (autonomous wallet ops) aligns with the env vars and tools (sending tokens, swaps, staking, execute_transaction). Required env vars (wallet address, policy engine address, owner address, agent private key) are reasonable for a signing agent. However, registry metadata stated no primary credential while SKILL.md declares AGENT_PRIVATE_KEY as primaryEnv — a metadata mismatch. skill.json version (0.2.0) differs from registry version (0.1.0). Source/homepage are missing, reducing provenance.
Instruction Scope
SKILL.md and src/index.ts implement many powerful wallet operations (arbitrary contract calls, execute_transaction, pay_for_service, swap_tokens). These are consistent with the claimed purpose but grant the agent the ability to perform arbitrary on-chain actions (including arbitrary calldata and paying arbitrary endpoints). That capability is expected for a wallet skill but also makes misuse impactful.
Install Mechanism
There is no explicit install spec, but package.json/package-lock are present and list npm dependencies (including an external 'clankerkit' package). This implies a node/npm install of third-party packages when the skill is used — a moderate supply-chain risk. No remote, untrusted archive URLs were found.
Credentials
The skill requires AGENT_PRIVATE_KEY in environment — appropriate for signing but highly sensitive. All required env vars are related to blockchain operation, so they are proportionate, but the presence of a private key plus autonomous invocation increases risk. Also SKILL.md/README disagree on whether AGENT_PRIVATE_KEY should include the 0x prefix; registry metadata omitted primary credential — inconsistent metadata around the most sensitive secret.
Persistence & Privilege
always is false (good). disable-model-invocation is false (normal), meaning the agent can invoke autonomously; combined with the agent private key this gives a large blast radius (the skill can sign and send transactions without manual approval). This is expected for an autonomous wallet but should be explicitly accepted by the user.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clankerkit - 安装完成后,直接呼叫该 Skill 的名称或使用
/clankerkit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: 32-tool autonomous wallet SDK for AI agents on Monad
元数据
常见问题
ClankerKit 是什么?
Autonomous wallet operations for AI agents on Monad — swap, stake, deploy wallets, trade memecoins, and manage spending policies via natural language. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 539 次。
如何安装 ClankerKit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clankerkit」即可一键安装,无需额外配置。
ClankerKit 是免费的吗?
是的,ClankerKit 完全免费(开源免费),可自由下载、安装和使用。
ClankerKit 支持哪些平台?
ClankerKit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClankerKit?
由 Wahid Shaikh(@0xsoydev)开发并维护,当前版本 v0.1.0。
推荐 Skills