Carbon DeFi

v1.0.0

Use this skill when the user wants to create or manage on-chain maker trading strategies on Carbon DeFi. Triggers include: "place a limit order", "create a r...

⭐ 0· 20·0 current·0 all-time

by@ashachaf

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ashachaf/carbon-defi.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Carbon DeFi" (ashachaf/carbon-defi) from ClawHub.
Skill page: https://clawhub.ai/ashachaf/carbon-defi
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install carbon-defi

ClawHub CLI

Package manager switcher

npx clawhub@latest install carbon-defi

Security Scan

Capability signals

CryptoRequires walletRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Pending

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (on‑chain maker strategies) matches the SKILL.md's tools and REST endpoints. However the skill instructs the agent/user to connect to an external MCP server (mcp.carbondefi.xyz) and to run an npx-based connector — these runtime requirements are not declared in the metadata (no required binaries, no homepage, source unknown). That mismatch is unexpected for a connector skill.

Instruction Scope

The instructions tell the user to add an mcpServers entry to a local Claude Desktop config file (~/Library/Application Support/Claude/claude_desktop_config.json) and to POST to https://mcp.carbondefi.xyz. This is macOS-specific, modifies an application config (agent-wide), and instructs network calls to a third‑party server. The SKILL.md does not provide provenance, verification steps, or alternatives, and it references use of 'npx mcp-remote' (requires Node/npx) though the skill metadata did not declare those binaries.

Install Mechanism

There is no install spec (instruction-only), which is lower risk in general, but the instructions explicitly use 'npx mcp-remote' (implying npm usage) and remote REST endpoints. Because the skill suggests invoking code from npm/a remote server yet lists no install or verification guidance, this increases risk: the agent/user may pull or run code from an unvetted source.

ℹ

Credentials

The skill declares no required environment variables or credentials and emphasizes unsigned transactions that the user must sign locally (it does not ask for private keys). That's appropriate. However the skill will send wallet address and strategy data to mcp.carbondefi.xyz (e.g., owner parameter) — network-transmitted user data is expected for this purpose but still sensitive and should be verified against the service's privacy/trustworthiness.

Persistence & Privilege

The skill does not request 'always: true', but it explicitly instructs modifying the agent's desktop configuration to add an MCP server entry. That writes agent-wide configuration directing tool invocations to an external server — a higher-privilege action that should only be done for trusted sources. The metadata did not call this out or provide justification/provenance.

What to consider before installing

Before installing or enabling this skill: (1) Verify the operator and code: ask the publisher for a homepage, source repository, and npm package for 'mcp-remote' so you can audit them. (2) Do not provide private keys or secrets; signing must happen locally — confirm how unsigned transactions are returned and signed. (3) Treat mcp.carbondefi.xyz as an untrusted external service until verified: check its TLS cert, WHOIS, and any available audits. (4) Be cautious editing your Claude Desktop config — adding an MCP server routes agent tool calls to that host; only add it if you trust the service. (5) Confirm that your environment meets runtime requirements (Node/npx) — the SKILL.md uses npx but the skill metadata didn't declare this. (6) Prefer to call the REST endpoints manually first (curl example in the SKILL.md) and inspect responses before allowing the agent to use the connector automatically. If the publisher cannot provide source, security audit, or clear provenance, treat this skill as unsafe to enable.

Like a lobster shell, security has layers — review code before you run it.

automationvk97f9b2fnrec3mhqsge2gmwath85qnweblockchainvk97f9b2fnrec3mhqsge2gmwath85qnwedefivk97f9b2fnrec3mhqsge2gmwath85qnweethereumvk97f9b2fnrec3mhqsge2gmwath85qnwelatestvk97f9b2fnrec3mhqsge2gmwath85qnwemcpvk97f9b2fnrec3mhqsge2gmwath85qnweonchainvk97f9b2fnrec3mhqsge2gmwath85qnwetradingvk97f9b2fnrec3mhqsge2gmwath85qnwe

20downloads

0stars

2versions

Updated 23m ago

v1.0.0

MIT-0

Carbon DeFi — On-Chain Maker Trading via MCP

Carbon DeFi is a fully on-chain maker trading protocol. Users set prices upfront — strategies execute automatically with zero gas on fills. No bots, no agent needs to stay online after placing a strategy.

Connect to the MCP Server

Add to Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "carbon-defi": {
      "command": "npx",
      "args": ["mcp-remote", "https://mcp.carbondefi.xyz/mcp"]
    }
  }
}

Restart Claude Desktop after saving. Alternatively, call tools directly via REST:

curl -X POST https://mcp.carbondefi.xyz/tools/get_strategies \
  -H "Content-Type: application/json" \
  -d '{"owner": "0xYourAddress", "chain": "ethereum"}'

Core Concepts

Maker-first. Every strategy is a maker order — you set the price, the market comes to you.

Unsigned transactions. All write operations return an unsigned transaction (to, data, value). The user must sign and broadcast it. Never assume a transaction has been submitted.

Base and quote tokens.

base_token — the token being bought or sold (e.g. ETH)
quote_token — the pricing token (e.g. USDC)
All prices are expressed as: quote per 1 base (e.g. 2000 USDC per ETH)

Budgets.

buy_budget — always in quote token (e.g. USDC to spend buying ETH)
sell_budget — always in base token (e.g. ETH to sell)

Native ETH. Use address 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE. Never WETH. ETH never requires approval.

Supported chains. ethereum, sei, celo, tac, coti

Strategy Types

User intent	Tool to use
"buy at exactly X" / "sell at exactly X"	`carbon_create_limit_order`
"scale in as price drops" / "DCA into"	`carbon_create_range_order` (buy)
"scale out as price rises" / "sell gradually"	`carbon_create_range_order` (sell)
"buy low sell high forever" / "recurring" / "grid"	`carbon_create_recurring_strategy`
"provide liquidity" / "earn fees" / "concentrated"	`carbon_create_concentrated_strategy`
"full range liquidity" / "widest range"	`carbon_create_full_range_strategy`

A range order executes gradually as price moves through the range — correct for "scale in" or "DCA". Do not split into multiple orders.

All 25 Tools

Explore

carbon_get_strategies — all active strategies for a wallet. Always call first.
carbon_get_strategy — single strategy by ID — type, status, prices, budgets, trade count
carbon_get_activity — trade and event history for a wallet or strategy
carbon_explore_pair — top strategies for a token pair, ranked by trade count
carbon_simulate_strategy — backtest against real historical prices before going on-chain
carbon_resolve_token — fuzzy token symbol/name → on-chain address ("dollar" finds USDC/USDT/DAI)
carbon_find_opportunities — discount buys or premium sells vs market price
carbon_get_protocol_stats — TVL, volume, fees history
carbon_get_price_history — OHLC price data for any token pair

Trade (swap against Carbon liquidity)

carbon_get_trade_quote — swap quote: expected output, rate, strategies used. Always call before execute.
carbon_execute_trade — unsigned swap transaction. Requires trade_actions from get_trade_quote.

Create

carbon_create_limit_order — one-time buy or sell at exact price
carbon_create_range_order — gradual execution across a price range
carbon_create_recurring_strategy — looping buy+sell, repeats forever, zero gas on fills
carbon_create_concentrated_strategy — two-sided liquidity with a defined spread
carbon_create_full_range_strategy — two-sided liquidity up to 1000x from market price

Manage

carbon_reprice_strategy — update price ranges only
carbon_edit_strategy — update prices and budgets in one transaction
carbon_deposit_budget — add funds without interrupting the strategy
carbon_withdraw_budget — remove funds without closing the strategy
carbon_pause_strategy — pause orders, funds stay, resume anytime
carbon_resume_strategy — reactivate a paused strategy
carbon_delete_strategy — permanently close and return all funds

Help & Knowledge

carbon_help — detailed guidance on any tool or full overview
carbon_learn — protocol concepts: fees, security, marginal price, overlapping liquidity, contracts, SDK, API, and more

Behavior Rules

Always call carbon_get_strategies first to check existing positions
Never invent a market price — always ask the user. Never reuse a price from earlier in the conversation.
Present a strategy proposal and wait for explicit user approval before building a transaction
Always show the full unsigned transaction (to, data, value) after creation
Check the warnings array in every response — if allowance warning exists, show approval steps before the transaction
When market price is inside a buy range, ask: full range or below market only?
- Full range: omit buy_price_marginal
- Below market only: set buy_price_marginal to current market price
Overlapping buy/sell ranges: warn but allow — ask user to confirm intent
Buy price above market: warn and offer to adjust
Sell price below market: warn and offer to adjust
For pause: show current prices first, confirm before pausing
For resume: restore prices only — funds already in strategy, never ask for budgets
For reprice: call once with all four prices — fill missing side from current strategy state
For delete: always confirm with user — irreversible

Token Allowances

Before any strategy depositing ERC-20 tokens, check if the Carbon DeFi controller has sufficient allowance. If not, the user must send an approval transaction first.

Note: USDT on Ethereum requires setting allowance to 0 before increasing.

Transaction Verification

All write operations return unsigned transactions. To independently verify calldata before signing:

Spec: https://docs.carbondefi.xyz/developer-guides/carbon-defi-transaction-encoding
Covers: contract addresses per chain, function selectors, price encoding, budget encoding, verification checklist

Batch API

Run multiple tools in parallel as a single request (counts against rate limit once):

curl -X POST https://mcp.carbondefi.xyz/batch \
  -H "Content-Type: application/json" \
  -d '[
    {"tool": "get_strategies", "params": {"owner": "0x...", "chain": "ethereum"}},
    {"tool": "get_protocol_stats", "params": {"chain": "ethereum"}}
  ]'

Rate Limits

30 requests/min per IP, burst of 10
Use /batch for parallel calls — counts as 1 request
REST endpoints (/tools/:toolName) are faster than MCP proxy

Comments

Loading comments...