Arsenal — Sumplus DeFi Execution Layer

v1.0.0

Execute DeFi skills on Ethereum, Sui, Solana, and 10+ chains via Arsenal. Use for swaps, lending, liquidity, portfolio queries, and any blockchain operation.

⭐ 0· 115·0 current·0 all-time

by@sumplus-real·duplicate of @agent3-666/arsenal

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sumplus-real/sumplus-arsenal.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Arsenal — Sumplus DeFi Execution Layer" (sumplus-real/sumplus-arsenal) from ClawHub.
Skill page: https://clawhub.ai/sumplus-real/sumplus-arsenal
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: ARSENAL_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sumplus-arsenal

ClawHub CLI

Package manager switcher

npx clawhub@latest install sumplus-arsenal

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The name/description (DeFi execution across many chains) matches the declared requirements and instructions. The only required credential is ARSENAL_API_KEY, which is the expected primary credential for an external execution API. No unrelated binaries, config paths, or extra cloud credentials are requested.

ℹ

Instruction Scope

SKILL.md instructs the agent to always search Arsenal for the appropriate skill and to call /api/execute to get quotes or build transactions. It also instructs that EVM transactions should be "executed in order" and Sui/Solana tx_bytes/transactions should be passed to wallets or Privy. This is coherent for an execution layer, but the instructions assume an ability to (a) deliver txs to a signing/sending mechanism and (b) manage multi-step flows; the SKILL.md does not explicitly restrict or clarify whether the agent should ever ask for private keys, seed phrases, or the user's wallet credentials (it does explicitly say to inject ARSENAL_API_KEY from env and never ask the user for it). Because the skill can result in on-chain actions that move funds, confirmatory UX and explicit safe signing practices are important but not spelled out.

✓

Install Mechanism

This is instruction-only with no install steps or code files, so nothing is downloaded or written to disk. That minimizes install-time risk.

✓

Credentials

Only one env var (ARSENAL_API_KEY) is required, which is proportionate for an external API. The SKILL.md references a sign-up flow (email/password → obtain api_key) but does not require additional unrelated credentials or config paths.

✓

Persistence & Privilege

always:false and no install means the skill does not demand permanent inclusion or elevated platform privileges. It does not request changing other skills or system-wide settings.

Assessment

This skill appears to be what it says: a wrapper around Arsenal's HTTP API that needs an ARSENAL_API_KEY. Before installing or using it, consider the following: (1) An API key given to this skill can be used to build and (depending on your setup) execute on-chain transactions — only provide a key you control and trust, ideally with limited scope if Arsenal supports that. (2) Never share private keys, seed phrases, or wallet passwords with the agent; prefer to sign transactions in your own wallet or through a trusted signing service. (3) If the skill asks you to supply email/password to perform sign-up flows, prefer to create the API key yourself via the Arsenal website and then set ARSENAL_API_KEY in the agent's environment rather than disclosing your credentials. (4) Test with small amounts or read-only queries first (get_quote, get_markets) to confirm behavior. (5) If you need higher assurance, ask the publisher for docs, an audit, or source code; the skill's source is unknown. Finally, verify the domain (https://arsenal.sumplus.xyz) and consider rotating keys after initial use.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

⚔️ Clawdis

EnvARSENAL_API_KEY

Primary envARSENAL_API_KEY

blockchainvk976b7t469z4g1atpde1s4gwrs83qcbwdefivk976b7t469z4g1atpde1s4gwrs83qcbwevmvk976b7t469z4g1atpde1s4gwrs83qcbwlatestvk976b7t469z4g1atpde1s4gwrs83qcbwsolanavk976b7t469z4g1atpde1s4gwrs83qcbwsuivk976b7t469z4g1atpde1s4gwrs83qcbwweb3vk976b7t469z4g1atpde1s4gwrs83qcbw

115downloads

0stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

Arsenal — DeFi Execution Layer

Arsenal is Sumplus's on-chain execution platform. When the user asks for anything blockchain-related — swaps, lending, balances, liquidity positions — call Arsenal.

Base URL: https://arsenal.sumplus.xyz Auth: Authorization: Bearer {ARSENAL_API_KEY} (inject from env, never ask the user)

Step 1 — Discover the right skill

GET /api/skills?search={intent}&limit=5

Always search first. Don't guess a skill_id.

# Example: user wants to swap on Sui
curl "https://arsenal.sumplus.xyz/api/skills?search=cetus+swap+sui&limit=5"

Response includes id, name, schema.input (what params to send), schema.output (what comes back).

Step 2 — Execute the skill

POST /api/execute
Authorization: Bearer {ARSENAL_API_KEY}
Content-Type: application/json

{
  "skill_id": "<id from Step 1>",
  "input": {
    "action": "<action>",
    ... other params from schema.input
  }
}

Every call requires action. Check the skill's schema.input for the full list.

Common input parameters

Param	Description
`action`	Required. Which operation: `get_quote`, `build_swap_tx`, `get_markets`, etc.
`sender`	Wallet address. EVM: `0x...` (40 hex). Sui: `0x...` (64 hex).
`tokenIn` / `token_in`	Input token symbol (`ETH`, `USDC`) or contract address
`tokenOut` / `token_out`	Output token
`amountIn` / `amount_in`	Human-readable amount string: `"0.1"`, `"100"`
`slippage`	Decimal, default `0.01` (= 1%)
`chain`	Chain name: `ethereum`, `optimism`, `arbitrum`, `base`, `bsc`, `solana`

Reading the response

Quote (`get_quote`)

{
  "amount_in": "0.1",
  "amount_out": "243.52",
  "price_impact": "0.04%",
  "fee": "0.3%"
}

Show this to the user. Ask if they want to proceed before building a transaction.

EVM transaction (`build_swap_tx`)

{
  "transactions": [
    { "to": "0x...", "data": "0x...", "value": "0x0", "description": "Approve WETH" },
    { "to": "0x...", "data": "0x...", "value": "0x0", "description": "Swap WETH → USDC" }
  ],
  "amount_out_estimated": "243.52",
  "amount_out_minimum": "241.1"
}

Execute transactions in order. Each tx must confirm before sending the next.

Sui transaction (`build_swap_tx`)

{
  "tx_bytes": "<base64 PTB>",
  "instructions": ["Pass tx_bytes to any Sui wallet to sign and submit."]
}

Pass tx_bytes to Privy send_sui_transaction or the user's Sui wallet.

Solana transaction (`build_swap_tx`)

{
  "transaction": "<base64 VersionedTransaction>",
  "amount_in": "0.1",
  "amount_out": "14.83"
}

Pass transaction to the user's Solana wallet or Privy sendTransaction.

Available skills (quick reference)

EVM (Ethereum, Optimism, Arbitrum, Base, Polygon, BSC)

Uniswap V3 — get_quote, build_swap_tx
Velodrome V2 — get_quote, build_swap_tx (Optimism only)
PancakeSwap V3 — get_quote, build_swap_tx, get_pool_info
Aave — get_markets, get_reserves, get_user_account, get_user_supplies, get_user_borrows
GMX — get_markets, get_position, get_funding_rates
Hyperliquid — get_markets, get_orderbook, get_user_positions

Sui

Cetus CLMM — get_quote, build_swap_tx, get_pool_info, get_pools, get_position
Bluefin Ember — list_vaults, get_vault_info, get_user_position, deposit, withdraw
Aftermath Finance — get_pools, get_pool_info, get_quote, build_swap_tx
Navi Protocol — get_markets, get_user_position, get_reserve_data
Scallop — get_markets, get_user_position
Suilend — get_markets, get_user_position
SUI Blockchain Toolkit — get_balance, get_tokens, get_nfts, get_transactions

Solana

Jupiter — get_quote, build_swap_tx, get_token_price
Raydium — get_pools, get_pool_info, get_quote

Cross-chain

Crypto Wallet Manager — get_balance, get_tokens, get_transactions
Sumplus Yield Optimizer — get_recommendations, compare_protocols

Error handling

Status	Meaning	Action
400	Bad input / missing field	Check `details.fieldErrors`, fix params
401	Invalid or missing API key	Check `ARSENAL_API_KEY` env var
404	Skill not found	Re-search with different keywords
422	Skill ran but failed logically (no pool, bad amount)	Tell user, suggest alternatives
500	Infrastructure error	Retry once, then report to user

Workflow example

User: "Swap 0.5 SUI for USDC on Cetus"

Search: GET /api/skills?search=cetus+swap+sui
Find Cetus CLMM skill, note its id
Get quote: POST /api/execute with action: "get_quote", tokenIn: "SUI", tokenOut: "USDC", amountIn: "0.5"
Show user: "You'll receive ~12.3 USDC. Proceed?"
Build tx: POST /api/execute with action: "build_swap_tx", sender: "<user_address>", same tokens + amount
Return tx_bytes to user's Sui wallet for signing

Sign-up / API key

If the user needs an Arsenal API key:

POST https://arsenal.sumplus.xyz/api/auth/signup
{ "email": "...", "password": "...", "role": "agent" }

Then: POST /api/auth/apikey (with JWT) → { "api_key": "sk_live_..." }

Comments

Loading comments...