DeepBook CLI. Watch, Make & Take the Sui Market
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for DeepBook trading, but it gives an agent access to wallet keys and real on-chain trading or margin actions without strong approval, scoping, or provenance controls.
Install only if you trust the DeepBook CLI package and understand that it can control real funds. Use testnet or dry-run first, keep a dedicated low-balance wallet, avoid passing private keys on the command line, inspect ~/.deepbook configuration, and require manual approval for every transaction.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a funded wallet, an agent could place orders, swap assets, withdraw balances, or close margin positions in ways that may lose funds.
These are on-chain, state-changing financial commands. The skill says to prefer `--dry-run` first, but does not require a dry run or explicit user approval before executing real trades, swaps, withdrawals, or margin actions.
`deepbook spot buy <pool> --quantity <value>` ... `deepbook swap base-for-quote <pool> --amount <value>` ... `deepbook margin close <pool>` ... `deepbook manager withdraw --coin <key> --amount <value>`
Require explicit user confirmation for every state-changing command, show a dry-run transaction summary first, verify network/pool/manager IDs, and use a dedicated low-balance wallet until the workflow is trusted.

A leaked or misused private key can give full control over the wallet and any assets or trading permissions tied to it.
The skill documents passing or importing Sui private keys. A raw wallet private key is high-impact authority, and passing it as a command argument can also expose it through shell history or process listings.
`--private-key <suiprivkey>` ... `deepbook config import-key [privateKey]` ... `deepbook account import <alias> [privateKey]`
Avoid giving the agent raw private keys. Prefer stdin, a hardware wallet, keychain-backed signing, or a dedicated limited-permission wallet, and confirm where ~/.deepbook stores imported accounts before use.

Installing the wrong or compromised global package could expose local credentials or execute unwanted transactions with the user's privileges.
The skill directs a global, unpinned npm installation. Because the supplied registry metadata lists the source as unknown and provides no homepage or install spec, the provenance of the CLI that would handle keys and trades is unclear.
If not, install it: `npm install -g deepbook-cli`
Verify the npm package owner and source repository, pin an audited version, install in an isolated environment, and do not use a main wallet until the CLI provenance is trusted.

A mistaken global setting could cause later trades to run on the wrong network, account, RPC provider, or manager object.
Global defaults are a reasonable design for a CLI, but account, network, provider, or manager settings persist and carry into later commands run from any directory.
Configure global defaults in `~/.deepbook` (works from any path).
Check `deepbook config show` before state-changing commands and prefer per-command overrides for network, address, manager, and RPC when executing important transactions.
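As an added defensive example, not part of the skill or of ClawScan's report, covering the approval, key-handling and config findings above: a POSIX shell wrapper that refuses private keys on argv, prints `deepbook config show`, runs `--dry-run` and requires a typed confirmation before any state-changing command. The `deepbook` command, `--dry-run`, `--private-key`, `config show` and the subcommand names are taken from the findings; that `--dry-run` is accepted on every listed subcommand is an assumption.

```shell
# Hypothetical guard wrapper written for this review, not part of the skill.
# Assumes every listed state-changing subcommand accepts --dry-run.

# Exit 0 if argv carries raw Sui key material, which would land in shell
# history and process listings. Keys should arrive via stdin or a keychain.
argv_has_secret() {
  prev=""; prev2=""
  while [ $# -gt 0 ]; do
    case "$1" in
      --private-key|--private-key=*|suiprivkey*) return 0 ;;
    esac
    # positional forms: `config import-key <key>`, `account import <alias> <key>`
    [ "$prev" = "import-key" ] && return 0
    [ "$prev2" = "import" ] && return 0
    prev2="$prev"; prev="$1"; shift
  done
  return 1
}

# Exit 0 for the on-chain, state-changing commands the review lists.
is_state_changing() {
  case "${1-} ${2-}" in
    "spot buy"|"margin close"|"manager withdraw") return 0 ;;
  esac
  [ "${1-}" = "swap" ]
}

# Reject argv secrets; for state-changing commands show the active config,
# run --dry-run, and only execute after the operator types "yes".
guarded_run() {
  if argv_has_secret "$@"; then
    echo "refusing: private key material on the command line" >&2
    return 2
  fi
  if ! is_state_changing "${1-}" "${2-}"; then
    deepbook "$@"
    return
  fi
  echo "== active config: verify network / address / manager / RPC =="
  deepbook config show
  echo "== dry run =="
  deepbook "$@" --dry-run || return 3
  printf 'Execute for real? Type yes: '
  read -r answer || answer=""
  [ "$answer" = "yes" ] || { echo "aborted" >&2; return 4; }
  deepbook "$@"
}
```

Source the file and call `guarded_run spot buy <pool> --quantity <value>` in place of the bare command; read-only commands pass straight through.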
