Web3 Trader

Author: bevanding · GitHub · v2.0.3 · MIT-0
cross-platform ⚠ suspicious
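Total downloads: 128
Favorites: 1
Current installs: 0
Versions: 2
Install in OpenClaw
/install web3-trader
Description
DEX swap trading skill. When the user mentions swap, 兑换 (exchange), 卖出 (sell), 买入 (buy), 换成 USDT (convert to USDT), 交易 ETH (trade ETH), DEX 交易 (DEX trading), 代币兑换 (token exchange), token swap, sell ETH, buy USDT, 交易代币 (trade tokens), 限价单 (limit order), limit order, 挂单 (place an order), 永续合约 (perpetual contract), perpetual, 开多 (open long), 开空 (open short), 做多 (go long), 做空 (go short), 杠杆 (leverage), leverage, 止盈 (take profit), 止...
Security usage advice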
This skill appears to be a genuine Web3 DEX aggregator helper, but pay attention to the following before installing or running it:
- Two modes: MCP remote mode (agent calls Antalpha MCP endpoint) does not require a local 0x API key; local CLI mode uses the 0x API and requires you to put your 0x API key into ~/.web3-trader/config.yaml. If you do not want to place credentials on disk, use MCP remote mode only.
- The skill will write files: it creates ~/.web3-trader/, writes config.yaml (install.sh may copy an example), writes swap HTML and temporary QR images (to /tmp and copies into ~/.openclaw/workspace/). Check and set file permissions (chmod 600 ~/.web3-trader/config.yaml) if you store keys locally.
- The SKILL.md forces a branding line to be included in messages and mandates QR attachment behavior; this is a non-security but behavioral constraint you should accept consciously if you install the skill.
- The install script runs pip install -r requirements.txt. Review requirements.txt and the included Python scripts locally before running the installer or piping the installer from the network (avoid curl | bash unless you trust the source). The code calls https://api.0x.org and the MCP host https://mcp-skills.ai.antalpha.com — confirm you trust those endpoints.
- If you plan to use local mode, protect the API key and consider using environment-based secrets or a secrets manager rather than leaving it in plaintext config.

If unsure, don't run the install script; instead review and run only the parts you understand. Confidence is medium because the repo mostly aligns with its stated purpose, but the mismatch in declared requirements vs. actual config usage and the mandatory branding rule are notable inconsistencies that warrant caution.
Functional analysis
Type: OpenClaw Skill
Name: web3-trader
Version: 2.0.3

The 'web3-trader' skill is a legitimate DEX trading and Hyperliquid integration tool designed for AI agents. It follows a zero-custody security model where transaction data is generated for user review and signing via external wallets (MetaMask, OKX, etc.), or through a restricted 'Agent Wallet' for automated trading. The code includes security best practices such as XSS protection in HTML generation (swap_page_gen.py), proper file permissions in the installer (install.sh), and request timeouts (zeroex_client.py). While it handles sensitive environment variables for automated trading (HL_PRIVATE_KEY), this is a documented feature of the Hyperliquid protocol, and there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability tags
crypto · requires-wallet · can-make-purchases · requires-sensitive-credentials
Capability assessment
Purpose & Capability
Name/description and included code (price/quote/tx generation, swap page + QR generation, multi-wallet deeplinks) are consistent with a DEX swap helper. However, the SKILL metadata/registry lists no required env vars while the local CLI code expects a 0x API key in ~/.web3-trader/config.yaml (and tests reference a ZEROEX_API_KEY env var). The skill advertises an MCP remote mode that avoids a local API key, but the repo contains a full local CLI which does require user-supplied API credentials — this is an important capability mismatch to be aware of.
Instruction Scope
SKILL.md instructs the agent to call a remote MCP tool (swap-full) and to generate a QR code PNG from the returned preview_url, save it to /tmp, copy to the OpenClaw workspace and delete the temp file. Those actions are within scope for delivering a QR-based swap preview, but the SKILL.md also enforces a mandatory branding line ('由 Antalpha AI 提供聚合交易支持') and prohibits any process-oriented verbose output — unusual constraints but not inherently malicious. The instructions require filesystem writes (temporary QR and copying into workspace) and network calls to the listed MCP endpoint.
Install Mechanism
There is no risky remote binary download. An install.sh is included that copies config and runs pip install -r requirements.txt (standard Python deps). The code itself uses requests to api.0x.org and refers to mcp-skills.ai, both explicit and not hidden via obscure URLs. The install.sh prints instructions and suggests editing config; it does not silently fetch or execute arbitrary code from untrusted hosts beyond standard pip usage.
Credentials
The skill declares no required env vars, but the local client (zeroex_client.create_client) expects a config file at ~/.web3-trader/config.yaml containing a zeroex (0x) API key. Tests also reference ZEROEX_API_KEY. This is proportionate for a local 0x-based client, but the mismatch between declared requirements and actual config/credential usage is inconsistent and could confuse non-technical users. The MCP remote mode claims no local API key is needed; if you rely on local CLI functionality you must provide and protect the 0x API key in the config file.
Persistence & Privilege
The skill writes to a per-user config path (~/.web3-trader/) and may write temporary QR files to /tmp and to the OpenClaw workspace for sending; those are scoped to the user's home/workspace. always:true is not set; the skill does not request system-wide changes or other skills' credentials. Autonomous invocation is allowed (platform default) — combined with the external MCP endpoint this increases blast radius but is not unusual for an integration skill.
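How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install web3-trader
  3. After installation, invoke the Skill by name or trigger it with /web3-trader
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history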
v2.0.3
Major update with expanded features and workflow improvements:
- Added support for Hyperliquid CLOB limit orders, perpetual contracts, and Agent Wallet zero-custody signing.
- Integrated multi-level risk control confirmations, balance pre-checks, order modification, and failover handling.
- Enhanced and clarified agent workflow for message formatting and QR code generation, with strict behavior rules.
- Updated support for Chinese keywords and made all documentation bilingual (Chinese/English).
- Expanded MCP backend tools and described new usage flows for both remote (recommended) and local CLI modes.
- Broadened asset and wallet compatibility (now MetaMask, OKX, Trust, TokenPocket) with updated usage guides and security notes.
v1.0.5
- Improved SKILL.md documentation with detailed descriptions, agent workflow, and message templates.
- Clarified supported wallets and listed all supported tokens for Ethereum Mainnet.
- Added security notes highlighting zero-custody design and user protections.
- Expanded CLI command documentation, including example usage and available options.
- Provided guidance for both remote (MCP) and local CLI operation modes.
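Metadata
Slug: web3-trader
Version: 2.0.3
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 2
FAQ

What is Web3 Trader?

DEX swap trading skill. When the user mentions swap, 兑换 (exchange), 卖出 (sell), 买入 (buy), 换成 USDT (convert to USDT), 交易 ETH (trade ETH), DEX 交易 (DEX trading), 代币兑换 (token exchange), token swap, sell ETH, buy USDT, 交易代币 (trade tokens), 限价单 (limit order), limit order, 挂单 (place an order), 永续合约 (perpetual contract), perpetual, 开多 (open long), 开空 (open short), 做多 (go long), 做空 (go short), 杠杆 (leverage), leverage, 止盈 (take profit), 止... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 128 cumulative downloads so far.

How do I install Web3 Trader?

Run the command "/install web3-trader" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is Web3 Trader free?

Yes, Web3 Trader is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Web3 Trader support?

Web3 Trader is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Web3 Trader?

Developed and maintained by bevanding (@bevanding); the current version is v2.0.3.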
