Crypto Wallets & Payments for AI Agents
Create and manage ERC20 wallets, transfer and swap tokens across 13 chains, enable agent payments, and earn referrer fees in AI agent ecosystems.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 3 · 2.2k · 6 current installs · 6 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes wallet creation, token transfers, swaps, and referrer fees which align with the skill name. However, the registry metadata lists no required environment variables or primary credential while the runtime instructions clearly require a PRIVATE_KEY for wallet operations — a mismatch between declared requirements and actual functionality.
Instruction Scope
The instructions explicitly require users to provide or generate PRIVATE_KEY and instruct that setup_wallet will save PRIVATE_KEY to a local .env file. They also show examples of invoking mcporter with PRIVATE_KEY in the environment. That surface legitimately needed secret handling for signing transactions, but the skill instructs persisting plaintext private keys and claims 'never transmitted' without proof — this is risky and broad in scope relative to a simple helper.
Install Mechanism
There is no install spec in the registry, but the SKILL.md directs the agent operator to run npx @onlyswaps/mcp-server (i.e., download and run an npm package). Using npx/npm is a common but nontrivial install mechanism (downloads code at runtime); the package is linked on npm and onlyswaps.fyi which helps traceability, but the lack of an explicit install spec/verification in the metadata is a gap.
Credentials
Wallet operations legitimately require a private key, but the manifest does not declare PRIVATE_KEY as a required env var while the instructions repeatedly require and persist it. Requesting and storing a high-value secret (private key) without clearly declaring it in the skill metadata, or recommending safer alternatives (hardware wallets, ephemeral keys), is disproportionate and risky.
Persistence & Privilege
The SKILL.md instructs that setup_wallet 'saves PRIVATE_KEY to .env' and shows examples using environment variables — this encourages creating persistent, plaintext secrets on disk. While always:false and no explicit system-wide modifications are requested, the guidance to persist keys locally increases the blast radius if the fetched npm package or local environment is compromised.
What to consider before installing
This skill performs real crypto operations and therefore needs and handles private keys. Before installing or using it: (1) do not paste the private key of any funded/main wallet — use an ephemeral or test wallet instead; (2) verify the @onlyswaps/mcp-server npm package source code and maintainers (check GitHub, read the code that handles PRIVATE_KEY to confirm it doesn't exfiltrate secrets); (3) prefer using hardware signers or ephemeral keys rather than storing keys in .env or shell history; (4) run the MCP server and npx package in a sandboxed environment if possible; (5) ask the publisher to update the registry metadata to declare PRIVATE_KEY as a required credential and provide checksum or repo links; and (6) if you only need quotes/portfolio lookups, stick to the read-only calls that do not require a private key. If the publisher can provide the package source and a security audit, that would increase confidence.Like a lobster shell, security has layers — review code before you run it.
Current versionv0.1.7
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Crypto Wallets & Payments for AI Agents
Create wallets, transfer tokens, and enable payments between agents. Perfect for bug bounty programs, rewards systems, and agent-to-agent transactions.
What This Enables
- Create wallets - Generate ERC20-compatible wallets with secure key storage
- Transfer tokens - Send ETH, USDC, or any ERC20 token to any address
- Swap tokens - Exchange tokens across 13 chains with best rates
- Earn referrer fees - Get 80% of extra swap fees by referring users
- Agent payments - Bug bounties, rewards programs, automated payouts
MCP Server Setup
For Moltbot/OpenClaw, configure via mcporter:
mcporter config add onlyswaps --command "npx -y @onlyswaps/mcp-server@latest stdio" --transport stdio
For Claude Desktop, add to MCP config:
{
"mcpServers": {
"onlyswaps": {
"command": "npx",
"args": ["-y", "@onlyswaps/mcp-server@latest", "stdio"]
}
}
}
Available Tools
Read-Only (no wallet needed)
| Tool | Description |
|---|---|
get_quote | Get swap quotes from 15+ DEX aggregators |
get_portfolio | View token balances for any address |
Wallet Required (need PRIVATE_KEY)
| Tool | Description |
|---|---|
setup_wallet | Create a new wallet (saves PRIVATE_KEY to .env) |
check_setup | Verify wallet config and balances |
transfer | Send tokens to any address |
swap | Execute token swaps (with optional referrer fees) |
approve_permit2 | Approve tokens for gasless swaps |
Earn Fees as a Referrer
AI agents can earn fees by setting referrerAddress and extraFeeBps on swaps:
| extraFeeBps | Referrer Gets | OnlySwaps Gets | Total User Fee |
|---|---|---|---|
| 0 (default) | 0 bps | 20 bps | 0.20% |
| 10 (suggested) | 8 bps | 22 bps | 0.30% |
| 100 (max) | 80 bps | 40 bps | 1.20% |
Example: With extraFeeBps: 10, on a $1000 swap:
- Referrer earns: $0.80 (8 bps)
- User pays: $3 total (0.30%)
Note: Referrer fees only work for ERC20 swaps. Native token swaps (ETH, BNB) don't support referrer fees.
IMPORTANT: Private Key Handling
For wallet operations, you MUST have PRIVATE_KEY set.
If the user wants to create a wallet, transfer, or swap:
- First ask: "Do you have an existing wallet private key, or should I create a new one?"
- If new: Use
setup_walletto generate one - If existing: Ask user to provide PRIVATE_KEY and set it in environment
To call tools with PRIVATE_KEY:
PRIVATE_KEY=0x... mcporter call onlyswaps.check_setup chainId=8453
Amount Format
Different tools use different formats:
| Tool | Format | Example |
|---|---|---|
get_quote | wei (base units) | "1000000000000000" = 0.001 ETH |
swap | wei (base units) | "100000000000000000" = 0.1 ETH |
transfer | human readable | "0.001" = 0.001 tokens |
Wei conversion:
- 1 ETH =
1000000000000000000(18 zeros) - 0.001 ETH =
1000000000000000(15 zeros) - 1 USDC =
1000000(6 decimals)
Quick Examples
IMPORTANT: Use function call syntax with quoted strings!
Get a swap quote (no wallet needed)
mcporter call 'onlyswaps.get_quote(fromToken: "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", toToken: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", amount: "1000000000000000", chainId: 8453)'
Check any address portfolio (no wallet needed)
mcporter call 'onlyswaps.get_portfolio(userAddress: "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045")'
Create a new wallet
mcporter call onlyswaps.setup_wallet
# Returns: address and private key - SAVE THE PRIVATE KEY!
Check wallet setup (requires PRIVATE_KEY)
PRIVATE_KEY=0x... mcporter call 'onlyswaps.check_setup(chainId: 8453)'
Transfer tokens (requires PRIVATE_KEY + funded wallet)
PRIVATE_KEY=0x... mcporter call 'onlyswaps.transfer(tokenAddress: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", toAddress: "0xRecipientAddress", amount: "1000000", chainId: 8453)'
Swap with referrer fee (earn fees as an agent)
PRIVATE_KEY=0x... mcporter call 'onlyswaps.swap(fromToken: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", toToken: "ETH", amount: "100000000", chainId: 8453, referrerAddress: "0xYourAgentWallet", extraFeeBps: 10)'
Supported Chains
| Chain | ID | Native Token |
|---|---|---|
| Ethereum | 1 | ETH |
| Base | 8453 | ETH |
| Arbitrum | 42161 | ETH |
| Optimism | 10 | ETH |
| Polygon | 137 | MATIC |
| BNB Chain | 56 | BNB |
| Avalanche | 43114 | AVAX |
Common Token Addresses
| Token | Base (8453) | Ethereum (1) |
|---|---|---|
| Native (ETH) | 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE | 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE |
| USDC | 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 | 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 |
Security Notes
- Private keys are stored locally, never transmitted
- Always verify addresses before sending
- Start with small test amounts
Links
- npm: @onlyswaps/mcp-server
- Docs: onlyswaps.fyi
Built by OnlySwaps 🦞
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…