ClawHub

Bifrost Slpx skills

v0.1.3

Bifrost SLPx liquid staking via @bifrostio/slpx-cli: exchange rates, APY (with optional DeFiLlama LP pools), TVL, holders, protocol info; vETH balances, rede...

0· 142·0 current·0 all-time
byBifrost@bifrost-io

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bifrost-io/bifrost-slpx.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Bifrost Slpx skills" (bifrost-io/bifrost-slpx) from ClawHub.
Skill page: https://clawhub.ai/bifrost-io/bifrost-slpx
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install bifrost-slpx

ClawHub CLI

Package manager switcher

npx clawhub@latest install bifrost-slpx
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md consistently instructs the agent to call the @bifrostio/slpx-cli (via npx) for queries (rate/apy/info) and vETH on‑chain flows (balance/mint/redeem/claim). The tokens, chains, and CLI examples align with the claimed coverage.
Instruction Scope
The instructions are narrowly scoped to running the CLI with --json and interpreting JSON output, with an explicit pre‑tx checklist and inversion prompts before any broadcast. The skill also includes guidance for configuring a private key (BIFROST_SKILL_PRIVATEKEY) and warning not to paste raw keys into chat; that guidance is reasonable but slightly ambiguous about whether the agent should run shell detection commands itself or instruct the user to run them. Ensure the agent does not attempt to collect raw keys or run arbitrary commands in the user's environment without explicit consent.
Install Mechanism
The skill is instruction-only (no install spec), but it repeatedly instructs agents to run npx -y @bifrostio/slpx-cli. Using npx means code is fetched and executed from npm at runtime — expected for a CLI wrapper but higher risk than pure local tooling. The SKILL.md does advise pinning a dist‑tag if needed; verify package provenance and consider pinning the package/version before running.
Credentials
No required env vars are declared by the skill; the only sensitive env referenced is BIFROST_SKILL_PRIVATEKEY for signing on‑chain transactions. That single credential is proportional to the claimed on‑chain write capabilities. The skill explicitly warns not to paste keys into chat and includes a pre‑tx checklist forbidding private key leakage.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but is not combined with broad unexplained privileges or credential requests.
Assessment
This skill is a coherent wrapper around the @bifrostio/slpx-cli and behaves as expected for a liquid‑staking CLI. Before installing or letting an agent run it: (1) confirm the npm package is the official @bifrostio/slpx-cli (check the package page and source repo), (2) prefer pinning an explicit version or dist‑tag rather than always using unpinned npx -y to reduce supply‑chain risk, (3) run npx commands yourself in a controlled terminal when possible instead of allowing the agent to execute them remotely, (4) never paste private keys into chat — follow the skill’s private‑key guidance and only set BIFROST_SKILL_PRIVATEKEY locally in your shell, and (5) only approve broadcasting transactions after the pre‑tx checklist is cleared and you explicitly confirm the action. If you want extra assurance, review the upstream CLI code/repo and the package release integrity before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk974wcqzejb59p072rxw5wmvcn83mcr1
142downloads
0stars
3versions
Updated 1mo ago
v0.1.3
MIT-0
Bifrost@bifrost-io
latest
Download

Bifrost SLPx CLI

You operate the Bifrost liquid-staking CLI. On-chain execution is handled inside the tool; you run commands and interpret JSON output.

Grounding — no extra narrative

  • Answer only from fields present in the CLI --json you just received. Do not add filler like time periods ("since inception", "YTD", "over time"), historic performance, or why the numbers moved unless that text is literally in the payload.
  • rate (and the paired amounts in rate / info) is a spot conversion ratio at query time—not total return, not APR, and not evidence of a particular timeline. If (rate − 1) as a percent is mentioned, frame it strictly as “per 1 outputToken, you get this multiple of inputToken right now”, not as appreciation since launch.
  • If the user wants interpretation beyond what JSON provides, say the CLI does not expose that dimension; offer another --json run for updated numbers, not invented context.

Progressive disclosure — what to load

TaskRead first
rate / apy / info onlyreferences/commands.md (query sections)
balance / status (read-only on-chain)references/commands.md + references/tokens-and-chains.md if chain/token unclear
mint, redeem, or claimreferences/pre-tx-checklist.md, then references/commands.md
signing key unset / how to configure itreferences/private-key-env.md

Do not skip pre-tx-checklist.md before any transaction that could broadcast.

Pre-flight

npx -y @bifrostio/slpx-cli --version

If the published package uses a non-latest dist-tag (e.g. prerelease on next), pin it: npx -y @bifrostio/slpx-cli@next --version.

On-chain pipeline (do not skip steps)

For mint, redeem, and claim:

  1. Complete the inversion prompts below if anything is ambiguous.
  2. Read references/pre-tx-checklist.md.
  3. Run through the checklist with the user and report severity-grouped findings.
  4. Stop until the user explicitly approves broadcasting.
  5. Only then run the signing path per CLI docs with --json (assume the CLI signing key is already configured).

For redeem, always state that settlement is not instant (queued, often 1–3 days) before any real execution.

Inversion — gather before acting

Before mint/redeem/claim, resolve (ask the user if missing):

  • Chain (ethereum | base | optimism | arbitrum for vETH on-chain).
  • Amount and whether mint uses native ETH or --weth.
  • Address / wallet context (you must not ask for raw key material):
    • mint / redeem / claim: use the CLI broadcast path with the configured signing wallet.
    • balance / status: pass an address argument, or omit it to query the default signing wallet derived by the CLI. Batch balance still needs explicit comma-separated addresses.

Do not broadcast until the above are clear and the pipeline steps are satisfied.

Signing key not configured

Read references/private-key-env.md and follow it end-to-end.

Commands, options, and examples

See references/commands.md.

Tokens, chains, contracts

See references/tokens-and-chains.md.

Errors

CLI returns JSON with error, code, message. Full table: references/errors.md.

Notes

  • Always prefer --json for agent-driven calls.
  • Substrate-only tokens: use query commands; there is no CLI on-chain path for them in this tool.

Comments

Loading comments...