FLOOR OTC
v1.1.0
Trustless OTC escrow for token swaps on Base. Get live quotes, create on-chain escrows, check trade status. Atomic settlement, no middleman.
by @agora0x
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (OTC escrow on Base) matches the runtime instructions and metadata: all calls are to pricing/quote/trade endpoints and the listed escrow contract and chain info are present. Required binaries (curl) are appropriate and no unrelated credentials or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to call a remote A2A REST/JSON‑RPC service (https://floor-a2a-production.up.railway.app) for quotes, trade execution, and status. It does not ask the agent to read local files or environment variables. Important operational note: the execute_trade path will cause the remote service to create on‑chain transactions (the skill metadata states the A2A server must have a PRIVATE_KEY configured). That is expected for a service that signs transactions, but it means the server—not your local environment—will be the transaction submitter/signer.
Install Mechanism
Instruction-only skill with no install spec and a single required binary (curl). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables or credentials from the user. The only sensitive key referenced (PRIVATE_KEY) is noted as required on the remote A2A server (server‑side), not requested from the agent/user. This is proportionate to a remote service that needs to sign transactions, but you should confirm the server's key handling and threat model before transacting.
Persistence & Privilege
The skill is not 'always' enabled and does not request elevated agent privileges. It is user‑invocable and uses normal autonomous invocation settings (default) — no unusual persistence or cross‑skill modification is requested.
Assessment
This skill is coherent with its stated purpose: it simply calls a remote A2A service to get quotes and to request on‑chain escrow actions. Before using it to execute real trades, do the following:
(1) Verify the escrow contract address and review its verified source on Basescan to confirm the fee and immutability claims;
(2) Inspect the agent_card/health endpoints (https://floor-a2a-production.up.railway.app/.well-known/agent.json and /health) and confirm the operator identity;
(3) Understand the trade flow: the remote server will be the transaction signer/submitter (it needs a server PRIVATE_KEY) — make sure you know which party pays gas and how you will approve/deposit tokens from your wallet;
(4) Never share private keys or wallet seed phrases with the skill; use your own wallet to approve token transfers and only confirm on‑chain transactions you initiated;
(5) If uncertain, test with small amounts or use the REST quote/prices endpoints first (read‑only) rather than execute_trade.
If you want stronger assurance, request the developer's repository or contact info and audit the A2A server code and the escrow contract source.
Like a lobster shell, security has layers — review code before you run it.
agent-economy, base, crypto, defi, erc-8004, escrow, latest, otc, swap, tokens, trading, web3
Runtime requirements
🟩 Clawdis
Bins: curl
