← 返回 Skills 市场
trader
作者
devatzeroxcore
· GitHub ↗
· v1.0.1
379
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install zeroexcore-trader
功能描述
Trade Solana tokens, track portfolio, bet on prediction markets, check NFT floors via the trader CLI.
安全使用建议
This skill appears to be what it claims (a Solana trading CLI) but exercise caution before installing. Steps to consider:
- Verify the npm package and author: check the @zeroexcore/trader package page on npm and the linked GitHub repo, confirm the package maintainer and recent activity, and inspect the package contents if possible.
- Avoid storing your WALLET_PASSWORD in plaintext config files. Prefer exporting the password as an environment variable at runtime rather than writing it into ~/.openclaw/openclaw.json unless you confirm that file is encrypted and access-limited.
- Understand that global npm installs can execute arbitrary code during installation; if you cannot vet the package, run the CLI via npx in an isolated environment or inspect the package tarball first.
- Back up private keys offline after export, and treat any 'trader wallet export' output as extremely sensitive.
- If you need higher assurance, ask the publisher for a reproducible source link, package checksum, or a signed release; do not proceed if you cannot verify the package origin and integrity.
功能分析
Type: OpenClaw Skill
Name: zeroexcore-trader
Version: 1.0.1
The skill bundle provides a Solana trading CLI with features for token swaps, prediction markets, and portfolio tracking. It includes explicit security instructions for the AI agent to prevent the disclosure of sensitive credentials and implements local encrypted storage (AES-256-GCM) with restricted file permissions (0600) for wallet data. The external dependencies (Helius and Jupiter APIs) are standard for the Solana ecosystem, and the documentation in SKILL.md focuses on safety rules and legitimate trading functionality without any signs of malicious intent or data exfiltration.
能力评估
Purpose & Capability
Name/description, required binary ('trader'), and required env vars (WALLET_PASSWORD, HELIUS_API_KEY) align with a Solana trading CLI. JUPITER_API_KEY is documented as optional for swaps/predictions which matches the behavior. Minor metadata inconsistency: the registry metadata lists no homepage/source but the SKILL.md includes a GitHub homepage, so origin verification is incomplete.
Instruction Scope
SKILL.md instructs the agent to use the CLI and to store wallet state under ~/.openclaw/, which is within the platform boundary — that's expected. However the docs also show storing the WALLET_PASSWORD in ~/.openclaw/openclaw.json (example: "apiKey": "your_wallet_password"), which implies plaintext or config-stored credentials; that contradicts the 'NEVER disclose wallet password' guidance and weakens the claimed 'secure storage' model. The README also instructs exporting the private key for backup (normal for wallets, but a sensitive operation that must be handled carefully).
Install Mechanism
The install uses an npm package (@zeroexcore/trader) to create the 'trader' binary — this is a plausible and common distribution method for a CLI. Npm installs can run arbitrary install scripts and there is no integrity checksum or pinned source in the skill metadata; combined with the registry metadata missing a verified homepage/source, this raises supply-chain risk that should be reviewed.
Credentials
Requested env vars (WALLET_PASSWORD as primary, HELIUS_API_KEY) are appropriate for a Solana trading CLI. The skill also documents optional JUPITER_API_KEY. Concern: example configuration shows placing WALLET_PASSWORD in the OpenClaw config file, which may store it in cleartext depending on platform settings — this is disproportionate to the declared 'do not disclose' guidance and increases exposure of the primary credential.
Persistence & Privilege
always:false and no special OS restrictions. The skill does not request permanent 'always' inclusion nor ask to modify other skills' configs. It writes to its own files under ~/.openclaw/, which is normal for per-skill state.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zeroexcore-trader - 安装完成后,直接呼叫该 Skill 的名称或使用
/zeroexcore-trader触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added documentation for running the trader CLI with `npx` as an alternative to global installation.
- No other functional or behavioral changes.
v1.0.0
Initial release of zeroexcore-trader skill.
- Trade Solana tokens, track your portfolio, and bet on prediction markets via the trader CLI.
- Check NFT floor prices and listings directly from the command line.
- Encrypted wallet storage and strict security/safety rules (never share private keys; always keep SOL for gas).
- Automatic trade journaling and position tracking; view trades and PnL in your portfolio.
- Built-in diagnostics and troubleshooting prompts for common issues (wallet, API keys, balance).
- Easy installation with npm; configuration via OpenClaw supported.
元数据
常见问题
trader 是什么?
Trade Solana tokens, track portfolio, bet on prediction markets, check NFT floors via the trader CLI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 379 次。
如何安装 trader?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zeroexcore-trader」即可一键安装,无需额外配置。
trader 是免费的吗?
是的,trader 完全免费(开源免费),可自由下载、安装和使用。
trader 支持哪些平台?
trader 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 trader?
由 devatzeroxcore(@devatzeroxcore)开发并维护,当前版本 v1.0.1。
推荐 Skills