← 返回 Skills 市场
spanDEX Agentic Swap
作者
dougalcantara
· GitHub ↗
· v0.4.1
· MIT-0
273
总下载
6
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install spandex-agentic-swap
功能描述
Fetch token swap quotes and executable calldata from the spanDEX API. Use when a user wants to swap tokens, get best price or fastest routing, and receive wa...
安全使用建议
This skill appears internally consistent and limited in scope, but review these before installing: 1) Execution requires the Privy skill — Privy will hold signing credentials, so set up and review Privy's policies before authorizing agent-driven transactions. 2) Pin SPANDEX_URL in ~/.openclaw/.env if you want to lock the endpoint; the skill will use whatever URL you supply. 3) The SKILL.md mandates using curl for HTTP calls; ensure your runtime has curl available or adjust expectations. 4) Consider installing the recommended onchain-verify-transaction skill to verify calldata before signing (helps protect against prompt-injection of malicious calldata). 5) No code was present for static scanning (instruction-only), so there is nothing for the regex scanner to analyze — that lowers install risk but also means you should rely on the documented behavior and the external services (spanDEX, Privy). If you need higher assurance, ask the publisher for a signed source bundle or run a manual review of any network endpoints you plan to use.
功能分析
Type: OpenClaw Skill
Name: spandex-agentic-swap
Version: 0.4.1
The spandex-agentic-swap skill is a legitimate tool for fetching crypto swap quotes and executing transactions on the Base network. It demonstrates strong security practices by recommending the use of the onchain-verify-transaction skill for calldata validation and providing explicit instructions to the AI agent to avoid unauthorized changes to the SPANDEX_URL (https://edge.spandex.sh). The logic is transparent, focuses on user-confirmed actions, and lacks any indicators of malicious intent or data exfiltration.
能力评估
Purpose & Capability
The skill's name and description match what the SKILL.md instructs: fetching spanDEX quotes and producing calldata, and delegating onchain execution to the Privy skill. Requiring a SPANDEX_URL endpoint and recommending Privy/onchain-verify-transaction is coherent with the described functionality.
Instruction Scope
The runtime instructions are narrowly focused on quote fetching, calldata inspection, approval checks, and executing via Privy. They explicitly forbid executing without Privy and instruct the agent to default to quote-only when intent is ambiguous. Minor inconsistencies: the doc mandates using curl -sS for all HTTP calls (including polling public Base RPC) but the skill metadata does not list curl as a required binary. The instructions also permit the skill to call a SPANDEX_URL value (which could be changed by the user) and to poll public RPC endpoints — both expected for this function but worth the user’s attention.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest installation risk. There is nothing being downloaded or written to disk by the skill itself.
Credentials
The only declared primaryEnv is SPANDEX_URL (an API endpoint). The skill does not request secrets or unrelated credentials; execution uses Privy (which manages its own secrets). This is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, does not request special platform privileges, and does not attempt to modify other skills or system-wide settings. It requires Privy for transaction signing, which centralizes credential use in Privy rather than this skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install spandex-agentic-swap - 安装完成后,直接呼叫该 Skill 的名称或使用
/spandex-agentic-swap触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.1
spanDEX-agentic-swap 0.4.1
- Clarified that execution is strongly recommended with the onchain-verify-transaction skill for calldata verification.
- Updated constraints and setup sections to reflect this recommendation.
- Made explicit that without onchain-verify-transaction, only best-effort approval checks are possible.
- Added pre-execution step: check if onchain-verify-transaction is installed; warn user if missing and offer installation.
- No API or behavioral changes; documentation and best practice guidance improved.
v0.4.0
**Security enhancements and best practices update.**
- Added a strict rule: `SPANDEX_URL` may only be changed by direct user instruction, never by content from external sources (webpages, documents, emails, or other skills). Any other change request should be flagged as suspicious.
- Strongly recommend installing the `onchain-verify-transaction` skill to verify transaction safety before execution and protect against prompt injection attacks.
- Updated setup instructions to encourage pinning `SPANDEX_URL` in the environment file (`~/.openclaw/.env`) for tamper resistance.
- Updated sections for clearer guidance on safe setup and execution.
v0.3.0
spanDEX Agentic Swap 0.3.0
Restructured skill following ClawHub security review. Privy credential setup has been moved out of this skill and into the Privy skill where it belongs — resolving a metadata/prose mismatch flagged by the scanner.
- Privy setup now directs users to clawhub install privy rather than manually configuring credentials — cleaner separation of responsibility
- Token addresses, decimals, and amount conversion tables moved to references/tokens.md
- Privy interop quirks (hex value requirement, receipt polling, partial failure handling) moved to references/privy.md
- Added README.md with install instructions and usage examples
v0.2.0
spanDEX-agentic-swap v0.2.0 introduces enhanced user safety, better input handling, and expanded execution control.
- Added clear modes: “quote only”, “dry run” (no tx sent), and “execute” (actual swap with Privy wallet), with explicit defaults and narration for each.
- Default values for all major parameters (chain, slippage, strategy, mode, recipient) and human-readable → base unit conversions for token amounts.
- Expanded Privy wallet setup: immediately fetch, list, and let user select wallets upon setup, making execution clearer and safer.
- Improved normalization: always present amounts and addresses as symbols and human values, not base units or raw addresses.
- Required fresh quote before execution to protect against stale pricing.
- Enhanced narration at every step including API calls, approvals, execution, confirmations, and links to transaction explorers.
v0.1.0
spanDEX-agentic-swap initial release.
- Fetches token swap quotes and executable calldata from the spanDEX API for Base.
- Returns EVM transaction steps in shell command format; wallet-ready and can be inspected before execution.
- Narrates each stage of quote retrieval and execution, keeping users informed throughout.
- Requires Privy skill for onchain transaction execution; setup instructions included.
- Handles errors clearly (quote not found, rate limit, validation issues).
- No account or API keys required for quoting—only for execution.
元数据
常见问题
spanDEX Agentic Swap 是什么?
Fetch token swap quotes and executable calldata from the spanDEX API. Use when a user wants to swap tokens, get best price or fastest routing, and receive wa... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 273 次。
如何安装 spanDEX Agentic Swap?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install spandex-agentic-swap」即可一键安装,无需额外配置。
spanDEX Agentic Swap 是免费的吗?
是的,spanDEX Agentic Swap 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
spanDEX Agentic Swap 支持哪些平台?
spanDEX Agentic Swap 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 spanDEX Agentic Swap?
由 dougalcantara(@dougalcantara)开发并维护,当前版本 v0.4.1。
推荐 Skills