nansen-devops

Nansen Trading

Author: Nansen AI · GitHub · v0.1.4 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 333
Favorites: 0
Current installs: 1
Versions: 5
Install in OpenClaw
/install nansen-trading
Description
Execute DEX swaps on Solana or Base, including cross-chain bridges. Use when buying or selling a token, getting a swap quote, or executing a trade.
Security recommendations
This skill appears to be a legitimate CLI wrapper for trading, but there are important mismatches and risks to check before installing:
- Verify the nansen-cli package: inspect its npm and GitHub source, recent publisher, and make sure it is the official CLI. Npm packages can execute arbitrary code during install.
- Confirm the config path behavior: SKILL.md expects ~/.nansen/.env for the wallet password but the skill metadata does not declare any required config paths. Ask the publisher to declare required config paths and explain how secrets are stored.
- Avoid storing wallet passwords in plaintext. If possible, use a hardware wallet or an approach that does not require persisting a plaintext password in ~/.nansen/.env. If you must persist, restrict file permissions, encrypt the file, and understand where the keys live.
- Limit credential scope: use a dedicated API key and dedicated wallet with minimal funds for automation, not your main accounts.
- Consider running install and CLI usage in an isolated environment (container/VM) and audit network calls if you will grant this agent NANSEN_API_KEY and the wallet password.

If you decide to proceed, request clarification from the skill author about the missing config-path declaration and how wallet secrets are managed and rotated; do not provide your primary wallet credentials until you have verified the CLI source and storage behavior.
Functional analysis
Type: OpenClaw Skill
Name: nansen-trading
Version: 0.1.4

The skill facilitates cryptocurrency trading and cross-chain bridging, which are inherently high-risk operations for an autonomous agent. It is classified as suspicious because SKILL.md explicitly instructs the agent to persist the sensitive 'NANSEN_WALLET_PASSWORD' in a local file (~/.nansen/.env), a significant security vulnerability that exposes credentials to any process or user with file system access. While these capabilities are aligned with the stated purpose of the 'nansen-cli' tool, the combination of credential persistence and irreversible financial transaction execution poses a substantial risk without additional safeguards.
Capability tags
crypto, requires-wallet
Capability assessment
Purpose & Capability
Name/description (DEX swaps on Solana/Base) aligns with requiring a 'nansen' CLI and an API key and wallet password. However the SKILL.md expects a persisted file (~/.nansen/.env) for the wallet password but the skill metadata declares no required config paths. That mismatch between declared requirements and runtime expectations is an incoherence that should be resolved.
Instruction Scope
Instructions stay within trading functionality (quote, execute, bridge-status) but explicitly direct agents to persist and source a wallet password from ~/.nansen/.env and to run wallet-creation commands. Directing agents to persist a secret to disk (and to source it) expands scope beyond mere API access and may lead to sensitive data being written/read without an explicit declared config path or considered consent flow.
Install Mechanism
Install is a Node/npm package ('nansen-cli') that provides the 'nansen' binary — this is coherent with the declared required binary. Npm packages are a normal install mechanism but carry typical supply-chain risk; no arbitrary downloads or extract-from-URL steps are present.
Credentials
The required env vars (NANSEN_API_KEY, NANSEN_WALLET_PASSWORD) are relevant to trading and unlocking a wallet, so they are plausible. However the SKILL.md prescribes persisting NANSEN_WALLET_PASSWORD in ~/.nansen/.env (plaintext by implication) and sourcing it before execute. The skill metadata did not declare any required config paths, and persisting secrets to an undeclared file is disproportionate and a security concern.
Persistence & Privilege
The skill does not request always:true (good) but the runtime instructions expect and instruct persistent state changes (wallet creation, storing ~/.nansen/.env, disk-based keys). That modifies user home state and creates persistent credentials without the skill declaring config-path requirements; combined with autonomous invocation ability, this increases blast radius if a compromised npm package or API key is misused.
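How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install nansen-trading
  3. Once installation completes, call the Skill by name or trigger it with /nansen-trading
  4. Provide the required input according to the Skill's parameter documentation to get structured output
Version history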
v0.1.4
- Enforced new swap constraint: at least one side of every swap must be USDC or the native token (SOL or ETH). Arbitrary token-to-token swaps are now rejected.
- Added a "Constraints" section to documentation explaining the new limitation and providing the relevant token addresses.
- Clarified cross-chain behavior to ensure constraint applies per-chain.
- No changes to usage or CLI commands; changes are solely to documentation and allowed swap types.
v0.1.3
- Added support for specifying USD amounts directly with the --amount-unit usd flag.
- Updated documentation to reflect new flag options: --amount-unit usd, --auto-slippage, --max-auto-slippage, --swap-mode, and --quote-index.
- Clarified amount handling: no manual price conversion needed for USD amounts; the CLI resolves pricing automatically.
- Separated trade quote, execute, and bridge-status flag documentation for improved clarity.
v0.1.2
- Added support for cross-chain swaps and bridging between Solana and Base using --to-chain and --to-wallet flags.
- Documented new bridge status tracking command: nansen trade bridge-status.
- Updated flag and usage documentation for cross-chain swaps.
- Clarified requirements for gas on source chain during bridging.
- Expanded description to reflect DEX swaps and cross-chain bridge capability.
v0.1.1
- Added support and documentation for the --amount-unit flag to allow specifying trade amounts in token units (e.g. 0.5 SOL) instead of only integer base units.
- Updated guidance for handling "$X worth of token" queries, including price lookup instructions and conversion steps.
- Clarified usage of --amount and --amount-unit in various scenarios with explicit examples.
- No changes to core functionality; these updates improve clarity and make trading by token amounts easier.
v0.1.0
Initial release of nansen-trading skill.
- Enables DEX swaps on Solana or Base (quote and execute trades).
- Requires a wallet and environment variables: NANSEN_API_KEY and NANSEN_WALLET_PASSWORD.
- Supports trading, getting swap quotes, and executing transactions using nansen-cli.
- Details wallet setup, token decimals, token addresses, and necessary CLI flags.
- Handles wallet password management according to security best practices.
Metadata
Slug: nansen-trading
Version: 0.1.4
License: MIT-0
Total installs: 1
Current installs: 1
Historical versions: 5
FAQ

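What is Nansen Trading?

Execute DEX swaps on Solana or Base, including cross-chain bridges. Use when buying or selling a token, getting a swap quote, or executing a trade. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 333 total downloads to date.

How do I install Nansen Trading?

Run the command "/install nansen-trading" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Nansen Trading free?

Yes, Nansen Trading is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Nansen Trading support?

Nansen Trading is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Nansen Trading?

It is developed and maintained by Nansen AI (@nansen-devops); the current version is v0.1.4.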
