Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trade

Swap or trade tokens on Base network. Use when you or the user want to trade, swap, exchange, buy, sell, or convert between tokens like USDC, ETH, and WETH. Covers phrases like "buy ETH", "sell ETH for USDC", "convert USDC to ETH", "get some ETH".

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 772 · 5 current installs · 5 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md tells the agent to perform token swaps on Base using the `npx awal@latest trade` CLI, and the token aliases/arguments align with that purpose.
Instruction Scope
Instructions are narrowly scoped to calling the `awal` CLI (status/trade/balance) and handling amounts/tokens; they do not ask the agent to read arbitrary system files. However, they direct the agent to execute remote code (npx) that will interact with the user's wallet — the exact wallet access surface is not described here.
! Install Mechanism
There is no install spec in the skill, but allowed-tools explicitly rely on `npx awal@latest`. Running npx fetches and executes code from the npm registry at runtime, and the skill pins to @latest (unversioned), introducing supply-chain / arbitrary remote-code risk. This is expected for a CLI-based approach but is a noteworthy risk that is not mitigated here (no pinned version, no source/homepage).
! Credentials
The skill declares no required env vars or credentials, yet trading requires a wallet/authentication step. The SKILL.md refers to being "authenticated" and an external `authenticate-wallet` skill, but it does not declare what secrets or local wallet files the CLI will access. Lack of explicit credential declarations hides where private keys or wallets will be read or supplied.
Persistence & Privilege
The skill is user-invocable, not always-included, and does not request persistent privileges or modify other skills. Autonomous invocation is enabled (disable-model-invocation: false), which is normal; nothing here grants unusual system-wide persistence.
What to consider before installing
This skill does what it says (trades tokens) but it executes an unpinned npm package at runtime (npx awal@latest) and relies on a wallet authentication step that is not described. Before installing or using it: verify the `awal` CLI's source and maintainers, prefer a pinned version rather than @latest, inspect the package code (or its published repository) to see how it handles keys and approvals, and avoid entering private keys into prompts unless you trust the package. If possible, run trades from an isolated/hard-limited wallet (small funds) or ask the author for a versioned, auditable integration that documents exactly how authentication and signing are performed.

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0
latest: vk970s5pthwsfhjss7z4cc90ak180y4rh


SKILL.md

Trading Tokens

Use the `npx awal@latest trade` command to swap tokens on Base network via the CDP Swap API. You must be authenticated to trade.

Confirm wallet is initialized and authed

```bash
npx awal@latest status
```

If the wallet is not authenticated, refer to the `authenticate-wallet` skill.

Command Syntax

```bash
npx awal@latest trade <amount> <from> <to> [options]
```

Arguments

| Argument | Description |
|----------|-------------|
| amount | Amount to swap (see Amount Formats below) |
| from | Source token: alias (usdc, eth, weth) or contract address (0x...) |
| to | Destination token: alias (usdc, eth, weth) or contract address (0x...) |

Amount Formats

The amount can be specified in multiple formats:

| Format | Example | Description |
|--------|---------|-------------|
| Dollar prefix | '$1.00', '$0.50' | USD notation (decimals based on token) |
| Decimal | 1.0, 0.50, 0.001 | Human-readable with decimal point |
| Whole number | 5, 100 | Interpreted as whole tokens |
| Atomic units | 500000 | Large integers treated as atomic units |

Auto-detection: Large integers without a decimal point are treated as atomic units. For example, 500000 for USDC (6 decimals) = $0.50.

Decimals: For known tokens (usdc=6, eth=18, weth=18), decimals are automatic. For arbitrary contract addresses, decimals are read from the token contract.

Options

| Option | Description |
|--------|-------------|
| -c, --chain <name> | Blockchain network (default: base) |
| -s, --slippage <n> | Slippage tolerance in basis points (100 = 1%) |
| --json | Output result as JSON |

Token Aliases

| Alias | Token | Decimals | Address |
|-------|-------|----------|---------|
| usdc | USDC | 6 | 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 |
| eth | ETH | 18 | 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE |
| weth | WETH | 18 | 0x4200000000000000000000000000000000000006 |

IMPORTANT: Always single-quote amounts that use $ to prevent bash variable expansion (e.g. '$1.00' not $1.00).

Examples

```bash
# Swap $1 USDC for ETH (dollar prefix; note the single quotes)
npx awal@latest trade '$1' usdc eth

# Swap 0.50 USDC for ETH (decimal format)
npx awal@latest trade 0.50 usdc eth

# Swap 500000 atomic units of USDC for ETH
npx awal@latest trade 500000 usdc eth

# Swap 0.01 ETH for USDC
npx awal@latest trade 0.01 eth usdc

# Swap with custom slippage (2%)
npx awal@latest trade '$5' usdc eth --slippage 200

# Swap using contract addresses (decimals read from chain)
npx awal@latest trade 100 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 0x4200000000000000000000000000000000000006

# Get JSON output
npx awal@latest trade '$1' usdc eth --json
```
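
The amount rules above leave a bare integer open to two readings (whole tokens or atomic units), and an unquoted `$` amount is rewritten by the shell before the CLI sees it. The following pre-flight check is an added example, not part of the skill or the awal project: it only validates arguments and never calls the CLI. The names `check_trade_args`, `valid_token`, `matches` and `MAX_SLIPPAGE_BPS`, the 100 bps cap and the refusal of bare integers are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the skill: pre-flight check for the arguments of
#   trade <amount> <from> <to> [--slippage <bps>]
# The slippage cap and the refusal of bare integers are this example's policy
# (assumptions), not behaviour of the awal CLI.
MAX_SLIPPAGE_BPS=${MAX_SLIPPAGE_BPS:-100}   # 100 basis points = 1%

# matches STRING ERE: true when STRING matches the extended regex.
matches() { printf '%s' "$1" | grep -Eq "$2"; }

# A token is a documented alias or a 0x-prefixed 20-byte hex address.
valid_token() {
  case "$1" in usdc|eth|weth) return 0 ;; esac
  matches "$1" '^0x[0-9a-fA-F]{40}$'
}

# check_trade_args AMOUNT FROM TO [SLIPPAGE_BPS]
# Returns 0 when the call is unambiguous and within policy; otherwise prints
# the reason and returns 1.
check_trade_args() {
  local amount="${1:-}" from="${2:-}" to="${3:-}" slippage="${4:-}"
  # Only the two explicit forms pass: '$1.00' (USD) or a decimal with a point.
  # A bare integer can mean whole tokens or atomic units, so it is refused.
  # An unquoted $1.00 typed at a prompt usually arrives here as ".00" and an
  # unquoted $5 vanishes, shifting "usdc" into the amount slot; both fail.
  if ! matches "$amount" '^\$[0-9]+(\.[0-9]+)?$' &&
     ! matches "$amount" '^[0-9]+\.[0-9]+$'; then
    echo "reject: amount '$amount' is not '\$N' or a decimal"; return 1
  fi
  if ! valid_token "$from" || ! valid_token "$to"; then
    echo "reject: token must be usdc, eth, weth or a 0x address"; return 1
  fi
  # Addresses are hex, so compare case-insensitively.
  if [ "$(printf '%s' "$from" | tr 'A-Z' 'a-z')" = \
       "$(printf '%s' "$to" | tr 'A-Z' 'a-z')" ]; then
    echo "reject: from and to are the same token"; return 1
  fi
  if [ -n "$slippage" ]; then
    if ! matches "$slippage" '^[0-9]{1,5}$' ||
       [ "$slippage" -gt "$MAX_SLIPPAGE_BPS" ]; then
      echo "reject: slippage '$slippage' is not an integer <= $MAX_SLIPPAGE_BPS bps"
      return 1
    fi
  fi
  echo "ok: $amount $from -> $to"
}
```

With the default cap, the 2% slippage example above is refused; raise `MAX_SLIPPAGE_BPS` deliberately when a wider tolerance is intended.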

Prerequisites

  • Must be authenticated (awal status to check)
  • Wallet must have sufficient balance of the source token

Error Handling

Common errors:

  • "Not authenticated" - Run awal auth login <email> first
  • "Invalid token" - Use a valid alias (usdc, eth, weth) or 0x address
  • "Cannot swap a token to itself" - From and to must be different
  • "Swap failed: TRANSFER_FROM_FAILED" - Insufficient balance or approval issue
  • "No liquidity" - Try a smaller amount or different token pair
  • "Amount has X decimals but token only supports Y" - Too many decimal places
