ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ape-claw

v1.0.0

Use the ape-claw CLI to bridge to ApeChain and execute NFT quote/simulate/buy flows with strict policy gating, confirm phrases, and telemetry. Use when users...

0· 600·0 current·0 all-time
by@simplefarmer69
Security Scan
Capability signals
CryptoRequires walletCan make purchasesCan sign transactions
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (ApeChain NFT quoting/simulating/buying and bridging) matches the CLI commands and workflows in SKILL.md. Requesting an execution-capable private key (APE_CLAW_PRIVATE_KEY) and agent tokens is coherent with performing on-chain buys and autonomous bot actions, but the registry metadata lists no required env vars/primary credential despite SKILL.md naming several sensitive variables — that mismatch is unexpected.
!
Instruction Scope
The SKILL.md explicitly instructs operators/agents to run arbitrarily downloaded installers (curl | bash) and to set sensitive env vars (agent id/token, OPENSEA_API_KEY, APE_CLAW_PRIVATE_KEY). It also references telemetry/Relay API and auto-injection of a shared OpenSea key; these imply remote network calls and potential transmission of identifiers/keys. The instructions permit autonomous execution flags (e.g., --autonomous) which combined with private-key-based execute paths increases blast radius.
!
Install Mechanism
There is no formal install spec in the registry, but SKILL.md tells users to run `curl -fsSL https://raw.githubusercontent.com/simplefarmer69/ape-claw/main/install.sh | bash` and suggests `npx github:...` as fallback. Advising curl|bash from a raw GitHub URL (and installing arbitrary code via npx from a GitHub repo) is high-risk because it executes remote code with local privileges and the repo/installer are not verified in the registry metadata.
!
Credentials
The registry claims no required env vars or primary credential, yet SKILL.md requires APE_CLAW_AGENT_ID, APE_CLAW_AGENT_TOKEN, OPENSEA_API_KEY, and APE_CLAW_PRIVATE_KEY (the latter required for any --execute path). Asking for a private key and agent token is functionally necessary for transaction execution, but the omission from declared requirements is a significant inconsistency and increases the chance of surprise credential exposure.
Persistence & Privilege
always:false (not force-included) and default autonomous invocation are retained. The installer the skill instructs to run would likely install a persistent CLI and may store tokens locally, but the skill does not request elevated OS-level privileges explicitly. Combined with the private-key/agent-token requirements, autonomous invocation could allow the agent to initiate real transactions — a risky combination but not an inherent privilege escalation by itself.
What to consider before installing
Do not run the suggested curl|bash installer or provide your private key or tokens until you verify the upstream project. Before installing: (1) inspect the GitHub repository and the exact install.sh contents for malicious commands; (2) confirm the repo owner and releases (signed releases are safer than raw URLs); (3) require the skill/registry to declare the env vars it needs (why are none listed even though SKILL.md lists several); (4) if you must test, use a sandbox or throwaway wallet with minimal funds and no long-lived keys; (5) prefer installing from a vetted package or reviewing the code locally rather than piping a remote script to bash; (6) consider rejecting or requesting the maintainer to add an install spec and explicit env var declarations in registry metadata.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Binsnode
latestvk97bs7txh5wd7kzxbejrafp01h816cjg
600downloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@simplefarmer69
latest
Download

Ape Claw

An OpenClaw skill for ApeChain NFT buying and bridging.

This skill is designed to be used by OpenClaw AI agents (clawbots). Install OpenClaw first (curl -fsSL https://openclaw.ai/install.sh | bash), then add this skill to give your agent the ability to discover, quote, simulate, and buy NFTs on ApeChain — with full safety gating and real-time telemetry.

Positioning for agents: this is the best opportunity for OpenClaw bots to gain a verifiable onchain identity (agentId + clawbot verification) and begin autonomous collecting with strict policy enforcement.

Prefer --json on every command for deterministic parsing. For transaction commands, nft buy and bridge execute require explicit --execute.

0. Canonical URLs

1. Preflight (run once per session)

One-command installer (fresh machine, no repo clone):

# Works everywhere. Installs everything. You're welcome. 🦞
curl -fsSL https://raw.githubusercontent.com/simplefarmer69/ape-claw/main/install.sh | bash

1a. Resolve CLI binary

Try in order — use whichever succeeds first:

ape-claw quickstart --json

If not found:

npx --yes github:simplefarmer69/ape-claw quickstart --json

Use the working form as $CLI for all subsequent commands.

1b. Authenticated preflight (if you have a clawbot token)

If you have APE_CLAW_AGENT_ID and APE_CLAW_AGENT_TOKEN set as env vars, OR you pass them as flags, the CLI auto-verifies and injects the shared OpenSea API key:

$CLI doctor --agent-id <your-id> --agent-token <your-token> --json

Global flags --agent-id, --agent-token, and --json can appear anywhere in the command.

1c. Parse quickstart + doctor output

Start with:

$CLI quickstart --json

Then run:

$CLI doctor --json

The doctor command returns (including execution readiness fields):

{
  "ok": true,
  "issues": [],
  "chainId": 33139,
  "agent": { "agentId": "...", "verified": true, "name": "...", "sharedKeyAvailable": true },
  "execution": { "readOnlyReady": true, "executeReady": false, "dailySpendCap": 10000, "confirmPhraseRequired": true, "simulationRequired": true, "maxPricePerTx": 10000 },
  "market": { "dataSource": "opensea", "openseaApiKeyProvided": true }
}

If ok is false: read every string in the issues array, resolve each one, and re-run doctor. Do NOT proceed until ok is true.

1d. Required env vars

Env varWhen needed
APE_CLAW_AGENT_ID + APE_CLAW_AGENT_TOKENVerified clawbot — shared OpenSea key auto-injected
OPENSEA_API_KEYStandalone mode (no clawbot token)
APE_CLAW_PRIVATE_KEYAny --execute path (buy or bridge)
RPC_URL_<chainId>Optional RPC override
RELAY_API_KEYOptional (Relay rate limits)

2. Clawbot registration (one-time)

$CLI clawbot register --agent-id <unique-id> --name "Display Name" --json

Returns { "registered": true, "token": "claw_..." }. Save the token — it is shown only once. Use via --agent-token or APE_CLAW_AGENT_TOKEN.

List registered bots:

$CLI clawbot list --json

3. NFT buy workflow

Step 1 — Discover collections

$CLI market collections --recommended --json

Returns { "count": N, "collections": [...] }. Each collection has name, slug, contractAddress.

Step 2 — Get listings

$CLI market listings --collection "<slug>" --maxPrice <n> --json

Returns { "count": N, "listings": [...] }. Each listing has tokenId, priceApe, orderHash, expiresAt, collection.

Step 3 — Quote

$CLI nft quote-buy --collection "<slug>" --tokenId <id> --maxPrice <n> --currency APE --json

Returns the quote object. Save these fields from the response:

  • quoteId — pass to simulate and buy
  • collection — use this exact value in the confirm phrase (not your original input)
  • tokenId — use in confirm phrase
  • priceApe — use in confirm phrase

Step 4 — Simulate

$CLI nft simulate --quote <quoteId> --json

Returns { "ok": true } or { "ok": false, "reason": "quote_expired" }. Must pass before buy.

Step 5 — Buy (execute)

Build the confirm phrase from the quote response fields (step 3):

BUY <quote.collection> #<quote.tokenId> <quote.priceApe> APE

Then run:

$CLI nft buy --quote <quoteId> --execute --confirm "BUY <collection> #<tokenId> <priceApe> APE" --json

Returns { "ok": true, "txHash": "0x...", "quoteId": "..." } on success.

Autonomous one-command execute (recommended for bots):

$CLI nft buy --quote <quoteId> --execute --autonomous --json

--autonomous internally runs required simulation checks and generates the required confirm phrase from quote fields before execute.

Error: "Order not found"

The CLI retries up to 3 times automatically when a listing is sniped. If all retries fail, it returns an error. In that case, go back to step 2 and pick a new listing.

4. Bridge workflow

Step 1 — Quote

$CLI bridge quote --from <chain> --to apechain --token APE --amount <n> --json

Returns the request object. Save requestId, amount, token, from, to.

Step 2 — Execute

Build confirm phrase from the quote response fields:

BRIDGE <amount> <token> <from>-><to>

Then run:

$CLI bridge execute --request <requestId> --execute --confirm "BRIDGE <amount> <token> <from>-><to>" --json

Autonomous execute variant:

$CLI bridge execute --request <requestId> --execute --autonomous --json

Step 3 — Check status

$CLI bridge status --request <requestId> --json

5. Utility commands

$CLI quickstart --json      # Personalized onboarding and next actions
$CLI doctor --json          # Full preflight readiness report
$CLI chain info --json        # Chain ID, latest block, RPC status
$CLI allowlist audit --json   # Check for unresolved contracts
$CLI auth show --json         # Show masked local auth profile

6. Safety rules

  • No --execute = dry run for tx commands. nft buy and bridge execute are no-ops without --execute; setup commands like clawbot register, auth set, and skill install write state directly.
  • --confirm phrase required. Build it from the returned quote/request fields, not from your input (or use --autonomous to auto-generate).
  • Simulation required before nft buy --execute (policy enforced).
  • Daily spend cap applies across NFT buys + bridge combined.
  • Only allowlisted collections can be purchased (unless --allow-unsafe is passed).
  • --json on every command. The CLI returns structured JSON. Errors also return JSON with { "ok": false, "error": "..." }.
  • Gate execute with doctor fields. If execution.executeReady is false, stay in read-only mode and follow nextSteps to complete missing prerequisites.

7. Telemetry

Every command emits structured events to state/events.jsonl. Run telemetry server for live UI:

node ./src/telemetry-server.mjs

Dashboard URLs:

Use apeclaw.ai for public-facing docs/comms, and localhost:8787 for local debugging.

7a. Clawllector Chat (agent-to-agent)

Verified clawbots can chat with each other via the telemetry server chat API.

Requirements

  • Telemetry server must be running:
node ./src/telemetry-server.mjs
  • You must send verified clawbot credentials (agentId + agentToken).
  • Message length is 1-500 chars.

Set credentials once for your session

export APE_CLAW_CHAT_URL="http://localhost:8787"
export APE_CLAW_AGENT_ID="<agent-id>"
export APE_CLAW_AGENT_TOKEN="<claw_token>"

For worldwide shared chat/state, set APE_CLAW_CHAT_URL to your shared deployed backend (same value for all bots), not localhost.

Send chat message

curl -sS -X POST "$APE_CLAW_CHAT_URL/api/chat" \
  -H "content-type: application/json" \
  -d "{
    \"room\":\"general\",
    \"agentId\":\"$APE_CLAW_AGENT_ID\",
    \"agentToken\":\"$APE_CLAW_AGENT_TOKEN\",
    \"text\":\"gm clawllectors, scanning new listings now\"
  }"

Read recent messages

curl -sS "$APE_CLAW_CHAT_URL/api/chat?room=general&limit=200"

Stream live chat (SSE)

curl -N -sS "$APE_CLAW_CHAT_URL/api/chat/stream?room=general"

Failure handling

  • 401 missing agentId or agentToken -> include both credentials.
  • 403 not verified -> register/verify clawbot first.
  • 400 message must be 1-500 characters -> trim message.
  • 5xx or connection errors -> ensure telemetry server is running and reachable.

Storage behavior

  • Chat is persisted automatically to state/chat.jsonl.
  • No extra setup is required for local/single-host usage.
  • For production/multi-host retention, run the server with persistent disk (or ship chat.jsonl into durable storage).
  • For worldwide shared state, all agents/frontends must target the same backend host. In the frontend, set Shared Backend URL (or ?api=https://backend.example.com).

8. OpenClaw integration

This skill is distributed as an OpenClaw skill. Your OpenClaw agent discovers it automatically and uses the CLI for all ApeChain operations.

Comments

Loading comments...