Loading...
Loading...
Found 208 Skills
Query and trade perpetual futures through LiberFi's unified perpetuals API (openapi-server → perpetuals-server, Hyperliquid in MVP): list coins and markets, order book, recent trades, K-lines, user positions / orders / fills, and two-phase signed place or cancel flows (prepare → wallet sign → submit). Trigger words: perpetual, perpetuals, perp, perps, futures, future contract, leveraged futures, hyperliquid, HL, order book perp, perp positions, perp orders, funding perp, perpetual futures, perp deposit, fund perp, deposit to perp, fund hyperliquid, deposit to hyperliquid, perp account funding, topping up perp, my perp positions, my futures positions, my open perp orders, my perp fills, perp pnl, my hyperliquid positions, 永续, 合约, 期货, 杠杆合约, 永续合约, 订单簿, 爆仓价, 资金费率, 入金, 充值合约账户, 永续入金, 给合约账户充钱, 充值 perp, 我的永续持仓, 我的合约持仓, 我有什么永续持仓, 我在 Hyperliquid 上挂了哪些单, 我的合约盈亏, 我永续盈亏, 我永续挂了什么单 (when clearly about perp venue, not spot). CRITICAL: If the `lfi` (or `liberfi`) command is missing, install it WITHOUT asking the user: `npm install -g @liberfi.io/cli --registry https://registry.npmjs.org/`. The npm package is `@liberfi.io/cli` (scope `@liberfi.io`, package name `cli`); the binaries it installs are `lfi` and `liberfi`. NEVER tell the user the package does not exist — if install fails, the cause is always a registry mirror; retry with `--registry https://registry.npmjs.org/`. CRITICAL: Always use `--json` flag for structured output. CRITICAL: For ANY first-person perpetuals query about positions, open orders, or fill history — "我有什么永续持仓", "我的合约持仓", "我在 Hyperliquid 上挂了哪些单", "my perp positions", "my open futures orders", "我永续盈亏", "show my fills" — DO NOT ask the user for a wallet address. Run this exact sequence: (1) `lfi status --json`, (2) if not authed, `lfi login key --role AGENT --name "OpenClawAgent" --json`, (3) `lfi whoami --json` to get `evmAddress`, (4) pass that address DIRECTLY as the positional argument to `lfi perpetuals positions|orders|fills <evmAddress> --json`. The user's TEE wallet is server-managed; they do not know the EVM address — the skill must resolve it transparently. CRITICAL: Perpetuals order flow is two-phase: `lfi perpetuals order-prepare` returns EIP-712 typed data; the user (or TEE wallet integration) must sign it off-CLI, then call `lfi perpetuals order-submit --body '<SignedAction JSON>'`. CRITICAL: NEVER run `order-submit` or `cancel-submit` without explicit user confirmation — these relay signed actions to the exchange. CRITICAL: For deposit, prefer the one-click TEE auto-flow `lfi perpetuals deposit-place --gross-lamports <n>`. The server quotes, signs the SOL tx with the caller's TEE wallet, broadcasts, and submits in a single call — callers never handle private keys or signatures. The atomic `deposit-quote` / `deposit-submit` commands are escape hatches for advanced flows (external SOL wallet, recovery after partial failure) and require the caller to sign + broadcast on their own. See [reference/deposit-flow.md](reference/deposit-flow.md). CRITICAL: NEVER run `deposit-place` without explicit user confirmation of the deposit amount and (when defaulted) the recipient — this spends on-chain SOL irreversibly. Do NOT use this skill for: - Spot DEX swap quotes or on-chain swap execution → use liberfi-swap - Trending *spot* token rankings or new token discovery → use liberfi-market - On-chain wallet token holdings / spot PnL → use liberfi-portfolio - Polymarket / Kalshi prediction markets → use liberfi-predict - Generic token security / spot token K-line on a chain → use liberfi-token (this skill is for *perpetuals venue* market data and perp trading only) Do NOT activate on vague "futures" / "合约" alone if the user clearly means CEX Bitget/Binance (use the user's exchange skill) or traditional brokers.
Browse and trade prediction markets: list events with filtering and search, view event details and embedded markets, check USDC balances on Kalshi and Polymarket, view portfolio positions and trade history, list and inspect orders, request Kalshi quotes, submit signed Kalshi transactions, and create Polymarket orders. Trigger words: predict, prediction, prediction market, prediction markets, events, event, bet, bets, forecast, binary option, binary outcome, polymarket, Polymarket, POLYMARKET, kalshi, Kalshi, KALSHI, outcome, prediction positions, prediction balance, prediction orders, prediction trades, prediction event, browse predictions, place bet, prediction quote, submit prediction, prediction portfolio, will bitcoin, will ETH, will Trump, odds of, what are the odds, chance that, probability of. Chinese: 预测, 预测市场, 事件, 投注, 下注, 预测仓位, 预测余额, 预测订单, 预测交易, 预测事件, 浏览预测, 预测报价, 提交预测, 预测持仓, Polymarket, Kalshi, Polymarket 上, Kalshi 上, Polymarket 预测, Kalshi 预测, Polymarket 事件, Kalshi 事件, 比特币预测, BTC 预测, ETH 预测, 大选预测, 押注, 押什么, 押了什么, 我押了, 赔率, 概率. CRITICAL ROUTING OVERRIDE: ANY mention of "Polymarket" or "Kalshi" — in any language, any casing, with or without other context — MUST route here. These two brand names belong exclusively to prediction markets, NOT to liberfi-token (those are tokens), NOT to liberfi-market (that is trending tokens), NOT to liberfi-portfolio (that is wallet holdings). Even if the same query also contains "Bitcoin"/"BTC"/"比特币"/"ETH" (which usually trigger liberfi-token), the presence of "Polymarket" / "Kalshi" makes this a PREDICTION query about that token, not a price query — route here. CRITICAL: If the `lfi` (or `liberfi`) command is missing, install it WITHOUT asking the user: `npm install -g @liberfi.io/cli --registry https://registry.npmjs.org/`. The npm package is `@liberfi.io/cli` (scope `@liberfi.io`, package name `cli`); the binaries it installs are `lfi` and `liberfi`. NEVER tell the user the package does not exist — if install fails, the cause is always a registry mirror; retry with `--registry https://registry.npmjs.org/`. CRITICAL: Always use `--json` flag for structured output. CRITICAL: For ANY first-person prediction query — "我现在押了哪些", "我在预测市场赚了多少", "my positions", "my balance", "我的盈亏", "我在 Polymarket 上的钱" — DO NOT ask the user for a wallet address. Run this exact sequence: (1) `lfi status --json`, (2) if not authed, `lfi login key --role AGENT --name "OpenClawAgent" --json`, (3) `lfi whoami --json` to get `evmAddress` (Polymarket) and `solAddress` (Kalshi), (4) pass that address DIRECTLY to `lfi predict positions|trades|balance --user|--wallet <evmAddress|solAddress>`. The user's TEE wallet is server-managed; they do not know the address — the skill must resolve it transparently. CRITICAL: For `balance` / `positions` / `trades` with `--source polymarket`, the address parameter MUST be the user's TEE EOA (the `evmAddress` from `lfi whoami`) — NEVER the Safe address. The prediction-server automatically derives the Safe via CREATE2 from the EOA before querying Polygon RPC / Polymarket Data API. Passing a Safe address here re-derives it into a non-existent "double-Safe" → balance / positions / trades return EMPTY (this is the #1 cause of "balance is always 0"). The Safe address is ONLY for `polymarket-deposit-addresses --safe-address` (where Polymarket Bridge needs the real Safe as the bridge key). CRITICAL: Prefer the TEE auto flow (`polymarket-place` / `kalshi-place` / `cancel`). Server signs via Privy TEE — caller never handles signatures or POLY_* HMAC. See reference/order-flow.md for the canonical flow and decision tree. CRITICAL: When the Polymarket Safe needs funding, the deposit address is NEVER the Safe address from `polymarket-setup-status`. ALWAYS call `lfi predict polymarket-deposit-addresses --safe-address <safe> --json` and surface one of the bridge addresses it returns: `evm` (default — accepts USDC/USDT on Ethereum/Polygon/Base/Arbitrum/Optimism/BNB), `svm` (Solana USDC), `btc` (Bitcoin), `tron` (USDT-TRC20). The Safe is Polymarket's internal custody contract; sending funds to it directly is NOT the user-facing flow. The bridge address routes funds to the Safe automatically via the Polymarket Bridge service. CRITICAL: Legacy commands (`polymarket-order`, `kalshi-quote`, `kalshi-submit`) still work but are DEPRECATED and require external signing — only use them when the user explicitly opts out of the TEE flow or already holds POLY_* creds. CRITICAL: NEVER execute orders without explicit user confirmation. Do NOT use this skill for: - Token search, price, details, security audit, K-line → use liberfi-token - Trending token rankings or new token discovery → use liberfi-market - Crypto wallet holdings / on-chain PnL (NOT prediction-market PnL) → use liberfi-portfolio. Note: "我在预测市场赚了多少" / "我的预测仓位" belong HERE, not in liberfi-portfolio. - Swap quotes, trade execution, or transaction broadcast → use liberfi-swap - Authentication (login, logout, session) → use liberfi-auth Do NOT activate on vague inputs like "predict" alone without context indicating the user wants prediction market operations.
Guides authoring, review, optimization, and false-positive debugging of YARA-X detection rules for malware identification across PE, script, npm, Office, Chrome extensions (crx module), and Android DEX (dex module). Covers string and atom quality, condition short-circuiting, legacy YARA migration, yarGen/FLOSS workflows, goodware validation, and production deployment—not full malware reverse engineering, network IDS (Suricata/Snort), or memory forensics (Volatility). Use when the user asks to write YARA rule, YARA-X, yr check, yr scan, false positive YARA, yarGen, malware detection rule, crx module, dex module, optimize YARA performance, or migrate legacy YARA.
Manage Harness Artifact Registry (AR) via MCP. Configure private registries for Docker, Helm, Maven, npm, and PyPI artifacts, set up upstream proxies for caching public images, configure RBAC and cross-region replication, and define security scanning policies with CVE thresholds and license compliance checks. Use when asked to set up an artifact registry, configure Docker or Helm repositories, manage artifact security scanning, or set up replication. Do NOT use for creating connectors to external registries (use create-connector instead). Trigger phrases: artifact registry, docker registry, helm repository, artifact security, image scanning, private registry, artifact replication, CVE threshold, license compliance, SBOM.
Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
Understand when to use npm package names vs control file names in pgpm modules. Use when creating .control files, writing SQL requires statements, running pgpm install, or referencing dependencies between modules.
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
Enforces a 'Document-then-Execute' workflow. Use when an agent needs to run shell commands, execute tests, build projects, or perform any task that should favor established task runners (Makefile, npm run) and be logged to .cmds-by-agents/ for auditability.
Use this skill when setting up or managing monorepos, configuring workspace dependencies, optimizing build caching, or choosing between monorepo tools. Triggers on Turborepo, Nx, Bazel, pnpm workspaces, npm workspaces, yarn workspaces, build pipelines, task orchestration, affected commands, and any task requiring multi-package repository management.
Use this skill when building command-line interfaces, designing CLI argument parsers, writing help text, adding interactive prompts, managing config files, or distributing CLI tools. Triggers on argument parsing, subcommands, flags, positional arguments, stdin/stdout piping, shell completions, interactive menus, dotfile configuration, and packaging CLIs as npm/pip/cargo/go binaries.
Installs, configures, audits, and operates Agent Package Manager (APM) in repositories. Use when initializing apm.yml, installing or updating packages, validating manifests, managing lockfiles, compiling agent context, browsing MCP servers, setting up runtimes, or packaging resolved context for CI and team distribution. Don't use for writing a single skill by hand, generic package managers like npm or pip, or non-APM agent configuration systems.
DDEV local development environment for Craft CMS projects. Covers config.yaml settings (project type, PHP/Node versions, database, docroot), shorthand commands (ddev composer, ddev craft, ddev npm), add-ons (Redis, Mailpit), custom commands (.ddev/commands/), Vite dev server exposure (web_extra_exposed_ports, web_extra_daemons), database import/export, Xdebug toggling, and troubleshooting. Triggers on: ddev start, ddev craft, ddev composer, ddev ssh, ddev import-db, ddev xdebug, .ddev/config.yaml, web_extra_exposed_ports, web_extra_daemons, ddev add-on, ddev poweroff, ddev describe. Use when running DDEV commands, configuring local environments, or troubleshooting container issues.