Citrea Claw Skill

Run Citrea L2 monitoring commands — check arbitrage opportunities, token prices, pool liquidity, wallet balances, and new pools across JuiceSwap and Satsuma...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 47 · 0 current installs · 0 all-time installs

byJason Chew@jason-chew

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description (Citrea L2 monitoring) align with required binaries (node), dependencies (viem/dotenv) and requested env vars. TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID are appropriate for sending alerts; the ARB_* variables are reasonable configuration knobs for monitoring sensitivity and interval.

ℹ

Instruction Scope

SKILL.md explicitly instructs the agent to exec node index.js commands from the skill directory and to persist .env with the Telegram token/chat id and monitor settings. That is within expected scope for a monitoring CLI. Minor concerns: the instructions force the agent to always run the bundled CLI and to 'Never say you don't have access to live data' (a directive about agent behavior rather than functionality). The skill also instructs asking the user for a bot token/chat ID and writing them into .env — this will store a secret locally (expected for Telegram alerts) but the agent will have direct access to it.

ℹ

Install Mechanism

Registry says 'no install spec / instruction-only', but the package includes full source, package.json and package-lock (node dependencies). That's coherent (packaged skill with no external installer). SKILL.md also contains optional git clone instructions pointing to a GitHub repo (a normal source). There are no downloads from unknown or shortener URLs. Overall install risk is standard for an included Node CLI (npm dependencies are well-known).

✓

Credentials

Requested env vars are limited to TELEGRAM_BOT_TOKEN (primary secret), TELEGRAM_CHAT_ID and monitoring parameters. These are proportionate to the described capability. No unrelated cloud credentials or broad secrets are requested.

✓

Persistence & Privilege

Skill is not force‑included (always:false). It does instruct writing its own .env in its own skill directory and running long‑running monitors (arb:monitor, pools:monitor) which is expected for a monitor. It does not request system‑wide config changes or other skills' credentials.

Assessment

This skill appears to be what it claims: a Node CLI that reads Citrea on‑chain data and can post alerts to Telegram. Before installing or enabling it: - Only provide a Telegram bot token/chat ID you control (consider creating a dedicated bot/account for alerts). Treat TELEGRAM_BOT_TOKEN as a secret; storing it in .env in the skill directory is normal but means the agent/process can read it. - Review the included telegram helper (src/lib/telegram.js) and any remaining truncated files yourself if possible — I could not review every file in the package (some files were truncated in the listing). Ensure there are no unexpected outbound endpoints beyond Citrea RPC, the Telegram Bot API, and known DEX/explorer URLs. - If you will run monitors 24/7, run them in an isolated environment (dedicated VM/container) and with a bot that has minimal privileges. - If you prefer not to provide secrets to the skill, you can use the CLI commands locally (without Telegram configured) — the code supports running without Telegram. If you want, provide the omitted file contents (especially src/lib/telegram.js and any remaining truncated files) and I will re-check for hidden endpoints or suspicious behavior to raise confidence.

✗

src/lib/telegram.js:2

Environment variable access combined with network send.

Confirmed safe by external scanners

Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.4

Download zip

latestvk97cj0rgfkc05paxezc4fswjfx830qj2

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

EnvTELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, ARB_ALERT_THRESHOLD_BPS, ARB_MONITOR_INTERVAL_SEC, ARB_DEBOUNCE_MIN

Primary envTELEGRAM_BOT_TOKEN

SKILL.md

citrea-claw-skill

Important

This skill is already installed and ready to use. Do NOT build, create, or scaffold anything new. The code already exists at ~/.openclaw/skills/citrea-claw-skill/index.js. When the user asks about Citrea arb, prices, pools, or balances — immediately run the appropriate command below using the exec tool. Never say you need to build this skill. Never say you don't have access to live data. Just run the command and return the output.

First time setup

If ~/.openclaw/skills/citrea-claw-skill/index.js does not exist, run these steps first:

git clone https://github.com/jason-chew/citrea-claw-skill.git ~/.openclaw/skills/citrea-claw-skill
cd ~/.openclaw/skills/citrea-claw-skill
npm install
cp .env.example .env

Then ask the user the following questions one at a time and write their answers into .env:

Telegram Bot Token — "Do you have a Telegram bot token? If not, open Telegram, search @BotFather, send /newbot and follow the prompts. Paste your token here, or say skip to set up later:" → write to TELEGRAM_BOT_TOKEN
Telegram Chat ID — "What is your Telegram chat ID? Open Telegram, search @userinfobot, send /start and it will reply instantly with your ID:" → write to TELEGRAM_CHAT_ID
Arb alert threshold — "What minimum profit percentage should trigger a Telegram alert? Default is 0.50% (= 50 basis points). Press enter to use default or type a number:" → write to ARB_ALERT_THRESHOLD_BPS (multiply % by 100, e.g. 0.5% = 50)
Arb scan interval — "How often should arb be scanned in seconds? Default is 60. Press enter to use default or type a number:" → write to ARB_MONITOR_INTERVAL_SEC
Arb debounce — "How long in minutes before re-alerting on the same arb pair? Default is 30. Press enter to use default or type a number:" → write to ARB_DEBOUNCE_MIN

After all values are written, confirm: "✅ citrea-claw-skill is ready. Try asking: any arb on citrea right now?"

Updating configuration

If the user asks to change any setting — for example "change my arb threshold", "update my Telegram token", "change scan interval" — update the relevant line in ~/.openclaw/skills/citrea-claw-skill/.env and confirm the change.

When to use this skill

Use this skill when the user asks about anything on the Citrea L2 network, including:

Arbitrage opportunities across JuiceSwap and Satsuma
Token prices on Citrea
Pool liquidity or TVL
New pools being created
Wallet balances on Citrea
Recent swap or transaction activity

How to run commands

All commands are run using the exec tool from the skill directory:

cd ~/.openclaw/skills/citrea-claw-skill && node index.js <command> [args]

Always run the command and show the full output to the user. Do not summarise, truncate, or paraphrase. Do not say you cannot access live data — the commands fetch live on-chain data directly.

Triggers and commands

Arbitrage

Triggers: "any arb?", "check arb", "arb opportunities", "is there arb on citrea", "scan for arbitrage", "check for arbitrage opportunities", "any profitable trades on citrea"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js arb:scan

Triggers: "check arb for [tokenA] and [tokenB]", "is there arb between [tokenA] and [tokenB]"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js arb:check <tokenA> <tokenB>

Example: user says "check arb for wcBTC and USDC" → run:

cd ~/.openclaw/skills/citrea-claw-skill && node index.js arb:check wcBTC USDC.e

Prices

Triggers: "what's the price of [token]", "how much is [token]", "[token] price", "price of [token] on citrea"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js price <token>

Example: user says "what's the BTC price on citrea" → run:

cd ~/.openclaw/skills/citrea-claw-skill && node index.js price wcBTC

Triggers: "pool price for [tokenA] and [tokenB]", "compare DEX prices for [pair]", "what's the price difference for [pair]"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js pool:price <tokenA> <tokenB>

Pools

Triggers: "any new pools?", "new pools on citrea", "what pools were created today", "recent pools", "new pools in the last [N] hours"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js pools:recent 24

Triggers: "latest pool", "most recent pool", "last pool created on citrea"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js pools:latest

Triggers: "how much liquidity in [tokenA] [tokenB]", "TVL for [pair]", "liquidity for [token]", "how deep is the [pair] pool"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js pool:liquidity <tokenA> <tokenB>

Wallet

Triggers: "check balance for [address]", "what's in wallet [address]", "show balances for [address]", "how much does [address] have"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js balance <address>

Transactions

Triggers: "recent txns for [address]", "transaction history for [address]", "what swaps did [address] make", "show activity for [address]"

cd ~/.openclaw/skills/citrea-claw-skill && node index.js txns <address> 24

Supported tokens

Symbol	Description
wcBTC	Wrapped Citrea Bitcoin
ctUSD	Citrea USD stablecoin
USDC.e	Bridged USDC (LayerZero)
USDT.e	Bridged USDT (LayerZero)
WBTC.e	Bridged Wrapped Bitcoin (LayerZero)
JUSD	BTC-backed stablecoin (JuiceDollar)
GUSD	Generic USD (generic.money)

Supported DEXes

DEX	Type	Fee Tiers
JuiceSwap	Uniswap V3	0.05%, 0.30%, 1.00%
Satsuma	Algebra	Dynamic per pool

Notes

All data sourced directly from Citrea mainnet — no third-party APIs
Prices from RedStone push oracles deployed on Citrea
Arb detection is indicative only — always verify on-chain before executing
JuiceSwap JUSD pairs use svJUSD internally — handled transparently
RPC: https://rpc.mainnet.citrea.xyz

Files

15 total

Select a file

Select a file to preview.

Comments

Loading comments…