ClawHub

DeepBook CLI. Watch, Make & Take the Sui Market

v0.0.1

Operate the deepbook CLI for DeepBook reads (REST/SSE), global ~/.deepbook config/account management, on-chain spot trading, top-level swap execution, balance-manager ops, and margin trading.

1· 1.5k·1 current·1 all-time
by@astinz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description describe a CLI for market data and on‑chain trading; the SKILL.md contains only CLI usage, config locations (~/.deepbook), and commands for spot/swap/margin/manager operations — all directly related to the stated purpose. There are no unrelated credential or service demands in metadata.
Instruction Scope
Instructions focus on using the deepbook CLI and its config under ~/.deepbook. They explicitly instruct installing the npm package and performing state-changing commands (buy/sell/deposit/withdraw/import-key). The skill references private-key and apiKey handling (import-key, --private-key, --stdin) — appropriate for a trading CLI but sensitive; SKILL.md does advise not to print private keys and to prefer --dry-run as a safety default.
Install Mechanism
No formal install spec in the registry; the runtime instructions tell the agent to run 'npm install -g deepbook-cli'. Installing a global npm package is a normal way to obtain a CLI but carries moderate risk because the package source/homepage is not provided in the skill metadata. There's no pinned version or verification step shown.
Credentials
The skill requests no env vars or credentials in the metadata, but the CLI workflow requires handling private keys and API keys (via flags or stdin). That is proportionate to a trading CLI, but the skill does not declare a primary credential or required config paths beyond ~/.deepbook, so users should be aware secrets will be entered/managed by the CLI rather than provided via declared env vars.
Persistence & Privilege
always is false and the skill is instruction-only (no persistent background hooks). It writes/reads user config at ~/.deepbook and may install a global npm package (which modifies system state). Nothing indicates the skill will modify other skills or system-wide agent settings.
Assessment
This skill is coherent for using a trading CLI, but exercise caution before installing or running it: 1) 'npm install -g deepbook-cli' will install a package from the public npm registry — verify the package name, publisher, and source code (or prefer a pinned version) before installing globally. 2) The CLI will ask to import or use private keys and API keys; never paste sensitive keys into an untrusted environment. Use --dry-run and test on testnet first. 3) Consider installing and running the CLI in an isolated environment (container or VM), inspect the package source, and use ephemeral keys or read-only API keys when possible. 4) If you need higher assurance, ask the publisher/source for a homepage/repository or for signed release artifacts; absence of a homepage lowers confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dzrthax3jd45t6vhvwfemch80hbf6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments