← 返回 Skills 市场
TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce
作者
TigerPassNet
· GitHub ↗
· v0.1.1
· MIT-0
388
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install tigerpass
功能描述
Crypto wallet and trading terminal for AI agents — trade Hyperliquid perps and spot, bet on Polymarket predictions, swap tokens on 6 EVM chains, bridge USDC...
安全使用建议
Things to check before installing/using TigerPass:
- Metadata inconsistency: the registry said 'no install spec' but SKILL.md includes Homebrew tap and GitHub build instructions. Ask the publisher to clarify install method and provide signed release binaries.
- Verify the source: inspect the Homebrew tap formula and the GitHub repo (TigerPassNet/tigerpass-cli). Confirm release artifacts, checksums, and code review (especially signing/bridge/messaging code) before running brew install or building as root.
- Audit the binary: the CLI is given authority to sign EIP-191/EIP-712 messages, do x402 HTTP payments, and execute arbitrary contracts. Ensure the binary is vendor-signed and inspect network endpoints it communicates with (especially any central relayers or discovery endpoints like tigerpass.net).
- Test with minimal funds: if you try it, use a brand-new EOA with minimal balance, and avoid granting unlimited ERC-20 allowances (avoid approve --amount max) until you understand the flows.
- Disable autonomous/agent-driven trades until you trust it: the skill supports autonomous agent-to-agent commerce and automatic builder-fee approvals — these can cause funds to move without further human confirmation.
- Confirm platform requirements: SKILL.md requires Apple Silicon and Secure Enclave; verify your device and whether the CLI enforces/assumes this.
- If you cannot audit the code, prefer not to install a custom CLI that holds signing authority. Request signed releases, reproducible builds, or a vetted Homebrew formula before using with real funds.
Summary recommendation: the skill's functionality matches its description, but because it grants a CLI broad ability to sign and move funds and the package sources are a custom tap/GitHub repo (plus metadata inconsistencies), proceed only after verifying the release artifacts and auditing the code; treat it as high-risk until proven trustworthy.
功能分析
Type: OpenClaw Skill
Name: tigerpass
Version: 0.1.1
TigerPass is a comprehensive crypto trading terminal and wallet for AI agents, providing integration with Hyperliquid, Polymarket, and various EVM chains. It features hardware-secured signing via the Apple Secure Enclave and an agent-to-agent messaging protocol (ACE) for economic negotiations. While the tool incorporates security best practices such as EIP-7702 recovery and owner-verified command execution, it is classified as suspicious due to its high-risk capabilities, including autonomous management of financial assets, execution of arbitrary smart contracts (via `tigerpass exec` in advanced-commands.md), and persistent network communication with a third-party backend (tigerpass.net). These features, while aligned with the stated purpose, grant the agent significant financial and operational power that could be misused if the agent's logic is compromised.
能力评估
Purpose & Capability
Name/description align with what the SKILL.md instructs: a macOS CLI 'tigerpass' that manages a hardware-secured EOA, trading, swaps, bridging, contract exec, and agent-to-agent messaging. Required binary 'tigerpass' and the described commands are coherent with the stated purpose.
Instruction Scope
The runtime instructions direct the agent to perform network operations (DEX/aggregator, Circle Iris, Hyperliquid flows), discover and message external agents, and autonomously sign payments (x402) and on‑chain transactions. Those actions are consistent with a wallet/trading terminal but grant broad ability to send funds and interact with external endpoints (including advertising endpoints like https://tigerpass.net/tap/agent/...). The SKILL.md also embeds approval/auto‑authorization behavior (e.g., auto-approve builder fee, unlimited approvals) which can cause funds to be spent without additional human confirmation. No instructions request unrelated local files or env vars, but the agent will contact and trust external services and other agents — this is high-impact for money-moving operations.
Install Mechanism
SKILL.md contains install commands (brew tap TigerPassNet/tigerpass and a GitHub build) even though the registry summary stated 'No install spec / instruction-only' — that's an inconsistency. The install sources themselves are standard (Homebrew tap and GitHub repo), not obscure URLs, but they are a custom tap and a third‑party GitHub org (TigerPassNet). That requires validating the tap and repository (formula, release artifacts, signatures) before installing. Building from source requires Xcode and sudo cp which modifies /usr/local/bin — expected for a CLI but worth auditing.
Credentials
The skill declares no environment variables or external credentials, which is consistent with using a hardware-backed key (Secure Enclave) and a local CLI. There are no unrelated credential requests. However, ability to sign payments and execute arbitrary contracts means the binary itself must be trusted — lack of declared env vars does not eliminate risk.
Persistence & Privilege
Skill is not always-included and allows model invocation (normal). It requests no special persistent system privileges in metadata, but the CLI will hold the signing capability (Secure Enclave access) and can perform autonomous signing and on‑chain payments. Combined with network discovery/messaging, this gives a large operational blast radius if the binary is malicious or buggy — verify binary provenance and signing behavior before gifting it any funds or enabling autonomous workflows.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tigerpass - 安装完成后,直接呼叫该 Skill 的名称或使用
/tigerpass触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Hardware-secured EVM wallet (Apple Secure Enclave), built-in Hyperliquid perps/spot trading, Polymarket prediction markets, 0x DEX swaps across 6 chains, Circle CCTP V2 cross-chain bridge, smart contract execution, EIP-191/712 signing, x402 payments, and ACE Protocol for E2E encrypted agent-to-agent commerce with on-chain reputation.
v0.1.0
TigerPass 0.1.0 — Initial Release
- Equips AI agents with a hardware-secured on-chain identity (Secure Enclave +
ERC-8004), enabling autonomous crypto operations without human intermediation — agents
can discover peers, negotiate terms, and settle payments independently.
- Implements TAP (TigerPass Agent Protocol) for E2E encrypted, cryptographically signed
agent-to-agent messaging — supporting a full economic loop: RFQ → Offer → Accept →
Invoice → On-chain Settlement, all schema-validated and owner-verified.
- Provides built-in trading engines for autonomous execution: DEX swaps (0x, 10
chains), Hyperliquid perpetual futures & spot trading, and Polymarket prediction
markets — each a single CLI command with automatic signing.
- Uses a dual-address architecture: EOA (signing identity + agent-to-agent comms) and
Safe smart account (fund custody + transaction execution), both derived from a
non-exportable Secure Enclave key.
- Manages five distinct balance pools across chains to prevent operational errors —
separating wallet, EOA, and per-venue trading balances (Hyperliquid L1,
Polymarket/Polygon, HyperEVM).
- Supports x402 HTTP payments, EIP-191/712 message signing, smart contract execution,
and on-chain identity registration — providing a complete autonomous agent
infrastructure on Apple Silicon (macOS 14+).
元数据
常见问题
TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce 是什么?
Crypto wallet and trading terminal for AI agents — trade Hyperliquid perps and spot, bet on Polymarket predictions, swap tokens on 6 EVM chains, bridge USDC... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 388 次。
如何安装 TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tigerpass」即可一键安装,无需额外配置。
TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce 是免费的吗?
是的,TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce 支持哪些平台?
TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(macos)。
谁开发了 TigerPass — Hardware-Secured Crypto Wallet & Trading Terminal for AI Agents | Hyperliquid Perps, Polymarket Predictions, DEX Swaps, Cross-Chain Bridge, E2E Encrypted Agent-to-Agent Commerce?
由 TigerPassNet(@tigerpassnet)开发并维护,当前版本 v0.1.1。
推荐 Skills