{ "schemaVersion": "1.0", "item": { "slug": "ethereum-wingman", "name": "Ethereum Wingman", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/jp4g/ethereum-wingman", "canonicalUrl": "https://clawhub.ai/jp4g/ethereum-wingman", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/ethereum-wingman", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=ethereum-wingman", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "AGENTS.md", "SKILL.md", "metadata.json", "references/automation-and-incentives.md", "references/critical-gotchas.md", "references/historical-hacks.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/ethereum-wingman" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/ethereum-wingman", "agentPageUrl": "https://openagent3.xyz/skills/ethereum-wingman/agent", "manifestUrl": "https://openagent3.xyz/skills/ethereum-wingman/agent.json", "briefUrl": "https://openagent3.xyz/skills/ethereum-wingman/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Ethereum Wingman", "body": "Comprehensive Ethereum development guide for AI agents. Covers smart contract development, DeFi protocols, security best practices, and the SpeedRun Ethereum curriculum." }, { "title": "Default Stack: Scaffold-ETH 2 with Fork Mode", "body": "When a user wants to BUILD any Ethereum project, follow these steps:\n\nStep 1: Create Project\n\nnpx create-eth@latest\n# Select: foundry (recommended), target chain, project name\n\nStep 2: Fix Polling Interval\n\nEdit packages/nextjs/scaffold.config.ts and change:\n\npollingInterval: 30000, // Default: 30 seconds (way too slow!)\n\nto:\n\npollingInterval: 3000, // 3 seconds (much better for development)\n\nStep 3: Install & Fork a Live Network\n\ncd \nyarn install\nyarn fork --network base # or mainnet, arbitrum, optimism, polygon\n\nStep 4: Enable Auto Block Mining (REQUIRED!)\n\n# In a new terminal, enable interval mining (1 block/second)\ncast rpc anvil_setIntervalMining 1\n\nWithout this, block.timestamp stays FROZEN and time-dependent logic breaks!\n\nOptional: Make it permanent by editing packages/foundry/package.json to add --block-time 1 to the fork script.\n\nStep 5: Deploy to Local Fork (FREE!)\n\nyarn deploy\n\nStep 6: Start Frontend\n\nyarn start\n\nStep 7: Test the Frontend\n\nAfter the frontend is running, open a browser and test the app:\n\nNavigate to http://localhost:3000\nTake a snapshot to get page elements (burner wallet address is in header)\nClick the faucet to fund the burner wallet with ETH\nTransfer tokens from whales if needed (use burner address from page)\nClick through the app to verify functionality\n\nUse the cursor-browser-extension MCP tools for browser automation.\nSee tools/testing/frontend-testing.md for detailed workflows." }, { "title": "DO NOT:", "body": "Run yarn chain (use yarn fork --network instead!)\nManually run forge init or set up Foundry from scratch\nManually create Next.js projects\nSet up wallet connection manually (SE2 has RainbowKit pre-configured)" }, { "title": "Why Fork Mode?", "body": "yarn chain (WRONG) yarn fork --network base (CORRECT)\n└─ Empty local chain └─ Fork of real Base mainnet\n└─ No protocols └─ Uniswap, Aave, etc. available\n└─ No tokens └─ Real USDC, WETH exist\n└─ Testing in isolation └─ Test against REAL state" }, { "title": "Address Data Available", "body": "Token, protocol, and whale addresses are in data/addresses/:\n\ntokens.json - WETH, USDC, DAI, etc. per chain\nprotocols.json - Uniswap, Aave, Chainlink per chain\nwhales.json - Large token holders for test funding" }, { "title": "THE MOST CRITICAL CONCEPT", "body": "NOTHING IS AUTOMATIC ON ETHEREUM.\n\nSmart contracts cannot execute themselves. There is no cron job, no scheduler, no background process. For EVERY function that \"needs to happen\":\n\nMake it callable by ANYONE (not just admin)\nGive callers a REASON (profit, reward, their own interest)\nMake the incentive SUFFICIENT to cover gas + profit\n\nAlways ask: \"Who calls this function? Why would they pay gas?\"\n\nIf you can't answer this, your function won't get called." }, { "title": "Examples of Proper Incentive Design", "body": "// LIQUIDATIONS: Caller gets bonus collateral\nfunction liquidate(address user) external {\n require(getHealthFactor(user) < 1e18, \"Healthy\");\n uint256 bonus = collateral * 5 / 100; // 5% bonus\n collateralToken.transfer(msg.sender, collateral + bonus);\n}\n\n// YIELD HARVESTING: Caller gets % of harvest\nfunction harvest() external {\n uint256 yield = protocol.claimRewards();\n uint256 callerReward = yield / 100; // 1%\n token.transfer(msg.sender, callerReward);\n}\n\n// CLAIMS: User wants their own tokens\nfunction claimRewards() external {\n uint256 reward = pendingRewards[msg.sender];\n pendingRewards[msg.sender] = 0;\n token.transfer(msg.sender, reward);\n}" }, { "title": "1. Token Decimals Vary", "body": "USDC = 6 decimals, not 18!\n\n// BAD: Assumes 18 decimals - transfers 1 TRILLION USDC!\nuint256 oneToken = 1e18;\n\n// GOOD: Check decimals\nuint256 oneToken = 10 ** token.decimals();\n\nCommon decimals:\n\nUSDC, USDT: 6 decimals\nWBTC: 8 decimals\nMost tokens (DAI, WETH): 18 decimals" }, { "title": "2. ERC-20 Approve Pattern Required", "body": "Contracts cannot pull tokens directly. Two-step process:\n\n// Step 1: User approves\ntoken.approve(spenderContract, amount);\n\n// Step 2: Contract pulls tokens\ntoken.transferFrom(user, address(this), amount);\n\nNever use infinite approvals:\n\n// DANGEROUS\ntoken.approve(spender, type(uint256).max);\n\n// SAFE\ntoken.approve(spender, exactAmount);" }, { "title": "3. No Floating Point in Solidity", "body": "Use basis points (1 bp = 0.01%):\n\n// BAD: This equals 0\nuint256 fivePercent = 5 / 100;\n\n// GOOD: Basis points\nuint256 FEE_BPS = 500; // 5% = 500 basis points\nuint256 fee = (amount * FEE_BPS) / 10000;" }, { "title": "4. Reentrancy Attacks", "body": "External calls can call back into your contract:\n\n// SAFE: Checks-Effects-Interactions pattern\nfunction withdraw() external nonReentrant {\n uint256 bal = balances[msg.sender];\n balances[msg.sender] = 0; // Effect BEFORE interaction\n (bool success,) = msg.sender.call{value: bal}(\"\");\n require(success);\n}\n\nAlways use OpenZeppelin's ReentrancyGuard." }, { "title": "5. Never Use DEX Spot Prices as Oracles", "body": "Flash loans can manipulate spot prices instantly:\n\n// SAFE: Use Chainlink\nfunction getPrice() internal view returns (uint256) {\n (, int256 price,, uint256 updatedAt,) = priceFeed.latestRoundData();\n require(block.timestamp - updatedAt < 3600, \"Stale\");\n require(price > 0, \"Invalid\");\n return uint256(price);\n}" }, { "title": "6. Vault Inflation Attack", "body": "First depositor can steal funds via share manipulation:\n\n// Mitigation: Virtual offset\nfunction convertToShares(uint256 assets) public view returns (uint256) {\n return assets.mulDiv(totalSupply() + 1e3, totalAssets() + 1);\n}" }, { "title": "7. Use SafeERC20", "body": "Some tokens (USDT) don't return bool on transfer:\n\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nusing SafeERC20 for IERC20;\n\ntoken.safeTransfer(to, amount); // Handles non-standard tokens" }, { "title": "Project Structure", "body": "packages/\n├── foundry/ # Smart contracts\n│ ├── contracts/ # Your Solidity files\n│ └── script/ # Deploy scripts\n└── nextjs/\n ├── app/ # React pages\n └── contracts/ # Generated ABIs + externalContracts.ts" }, { "title": "Essential Hooks", "body": "// Read contract data\nconst { data } = useScaffoldReadContract({\n contractName: \"YourContract\",\n functionName: \"greeting\",\n});\n\n// Write to contract\nconst { writeContractAsync } = useScaffoldWriteContract(\"YourContract\");\n\n// Watch events\nuseScaffoldEventHistory({\n contractName: \"YourContract\",\n eventName: \"Transfer\",\n fromBlock: 0n,\n});" }, { "title": "SpeedRun Ethereum Challenges", "body": "Reference these for hands-on learning:\n\nChallengeConceptKey Lesson0: Simple NFTERC-721Minting, metadata, tokenURI1: StakingCoordinationDeadlines, escrow, thresholds2: Token VendorERC-20Approve pattern, buy/sell3: Dice GameRandomnessOn-chain randomness is insecure4: DEXAMMx*y=k formula, slippage5: OraclesPrice FeedsChainlink, manipulation resistance6: LendingCollateralHealth factor, liquidation incentives7: StablecoinsPeggingCDP, over-collateralization8: Prediction MarketsResolutionOutcome determination9: ZK VotingPrivacyZero-knowledge proofs10: MultisigSignaturesThreshold approval11: SVG NFTOn-chain ArtGenerative, base64 encoding" }, { "title": "Uniswap (AMM)", "body": "Constant product formula: x * y = k\nSlippage protection required\nLP tokens represent pool share" }, { "title": "Aave (Lending)", "body": "Supply collateral, borrow assets\nHealth factor = collateral value / debt value\nLiquidation when health factor < 1" }, { "title": "ERC-4626 (Tokenized Vaults)", "body": "Standard interface for yield-bearing vaults\ndeposit/withdraw with share accounting\nProtect against inflation attacks" }, { "title": "Security Review Checklist", "body": "Before deployment, verify:\n\nAccess control on all admin functions\n Reentrancy protection (CEI + nonReentrant)\n Token decimal handling correct\n Oracle manipulation resistant\n Integer overflow handled (0.8+ or SafeMath)\n Return values checked (SafeERC20)\n Input validation present\n Events emitted for state changes\n Incentives designed for maintenance functions" }, { "title": "Response Guidelines", "body": "When helping developers:\n\nFollow the fork workflow - Always use yarn fork, never yarn chain\nAnswer directly - Address their question first\nShow code - Provide working examples\nWarn about gotchas - Proactively mention relevant pitfalls\nReference challenges - Point to SpeedRun Ethereum for practice\nAsk about incentives - For any \"automatic\" function, ask who calls it and why" } ], "body": "Ethereum Wingman\n\nComprehensive Ethereum development guide for AI agents. Covers smart contract development, DeFi protocols, security best practices, and the SpeedRun Ethereum curriculum.\n\nAI AGENT INSTRUCTIONS - READ THIS FIRST\nDefault Stack: Scaffold-ETH 2 with Fork Mode\n\nWhen a user wants to BUILD any Ethereum project, follow these steps:\n\nStep 1: Create Project\n\nnpx create-eth@latest\n# Select: foundry (recommended), target chain, project name\n\n\nStep 2: Fix Polling Interval\n\nEdit packages/nextjs/scaffold.config.ts and change:\n\npollingInterval: 30000, // Default: 30 seconds (way too slow!)\n\n\nto:\n\npollingInterval: 3000, // 3 seconds (much better for development)\n\n\nStep 3: Install & Fork a Live Network\n\ncd \nyarn install\nyarn fork --network base # or mainnet, arbitrum, optimism, polygon\n\n\nStep 4: Enable Auto Block Mining (REQUIRED!)\n\n# In a new terminal, enable interval mining (1 block/second)\ncast rpc anvil_setIntervalMining 1\n\n\nWithout this, block.timestamp stays FROZEN and time-dependent logic breaks!\n\nOptional: Make it permanent by editing packages/foundry/package.json to add --block-time 1 to the fork script.\n\nStep 5: Deploy to Local Fork (FREE!)\n\nyarn deploy\n\n\nStep 6: Start Frontend\n\nyarn start\n\n\nStep 7: Test the Frontend\n\nAfter the frontend is running, open a browser and test the app:\n\nNavigate to http://localhost:3000\nTake a snapshot to get page elements (burner wallet address is in header)\nClick the faucet to fund the burner wallet with ETH\nTransfer tokens from whales if needed (use burner address from page)\nClick through the app to verify functionality\n\nUse the cursor-browser-extension MCP tools for browser automation. See tools/testing/frontend-testing.md for detailed workflows.\n\nDO NOT:\nRun yarn chain (use yarn fork --network instead!)\nManually run forge init or set up Foundry from scratch\nManually create Next.js projects\nSet up wallet connection manually (SE2 has RainbowKit pre-configured)\nWhy Fork Mode?\nyarn chain (WRONG) yarn fork --network base (CORRECT)\n└─ Empty local chain └─ Fork of real Base mainnet\n└─ No protocols └─ Uniswap, Aave, etc. available\n└─ No tokens └─ Real USDC, WETH exist\n└─ Testing in isolation └─ Test against REAL state\n\nAddress Data Available\n\nToken, protocol, and whale addresses are in data/addresses/:\n\ntokens.json - WETH, USDC, DAI, etc. per chain\nprotocols.json - Uniswap, Aave, Chainlink per chain\nwhales.json - Large token holders for test funding\nTHE MOST CRITICAL CONCEPT\n\nNOTHING IS AUTOMATIC ON ETHEREUM.\n\nSmart contracts cannot execute themselves. There is no cron job, no scheduler, no background process. For EVERY function that \"needs to happen\":\n\nMake it callable by ANYONE (not just admin)\nGive callers a REASON (profit, reward, their own interest)\nMake the incentive SUFFICIENT to cover gas + profit\n\nAlways ask: \"Who calls this function? Why would they pay gas?\"\n\nIf you can't answer this, your function won't get called.\n\nExamples of Proper Incentive Design\n// LIQUIDATIONS: Caller gets bonus collateral\nfunction liquidate(address user) external {\n require(getHealthFactor(user) < 1e18, \"Healthy\");\n uint256 bonus = collateral * 5 / 100; // 5% bonus\n collateralToken.transfer(msg.sender, collateral + bonus);\n}\n\n// YIELD HARVESTING: Caller gets % of harvest\nfunction harvest() external {\n uint256 yield = protocol.claimRewards();\n uint256 callerReward = yield / 100; // 1%\n token.transfer(msg.sender, callerReward);\n}\n\n// CLAIMS: User wants their own tokens\nfunction claimRewards() external {\n uint256 reward = pendingRewards[msg.sender];\n pendingRewards[msg.sender] = 0;\n token.transfer(msg.sender, reward);\n}\n\nCritical Gotchas (Memorize These)\n1. Token Decimals Vary\n\nUSDC = 6 decimals, not 18!\n\n// BAD: Assumes 18 decimals - transfers 1 TRILLION USDC!\nuint256 oneToken = 1e18;\n\n// GOOD: Check decimals\nuint256 oneToken = 10 ** token.decimals();\n\n\nCommon decimals:\n\nUSDC, USDT: 6 decimals\nWBTC: 8 decimals\nMost tokens (DAI, WETH): 18 decimals\n2. ERC-20 Approve Pattern Required\n\nContracts cannot pull tokens directly. Two-step process:\n\n// Step 1: User approves\ntoken.approve(spenderContract, amount);\n\n// Step 2: Contract pulls tokens\ntoken.transferFrom(user, address(this), amount);\n\n\nNever use infinite approvals:\n\n// DANGEROUS\ntoken.approve(spender, type(uint256).max);\n\n// SAFE\ntoken.approve(spender, exactAmount);\n\n3. No Floating Point in Solidity\n\nUse basis points (1 bp = 0.01%):\n\n// BAD: This equals 0\nuint256 fivePercent = 5 / 100;\n\n// GOOD: Basis points\nuint256 FEE_BPS = 500; // 5% = 500 basis points\nuint256 fee = (amount * FEE_BPS) / 10000;\n\n4. Reentrancy Attacks\n\nExternal calls can call back into your contract:\n\n// SAFE: Checks-Effects-Interactions pattern\nfunction withdraw() external nonReentrant {\n uint256 bal = balances[msg.sender];\n balances[msg.sender] = 0; // Effect BEFORE interaction\n (bool success,) = msg.sender.call{value: bal}(\"\");\n require(success);\n}\n\n\nAlways use OpenZeppelin's ReentrancyGuard.\n\n5. Never Use DEX Spot Prices as Oracles\n\nFlash loans can manipulate spot prices instantly:\n\n// SAFE: Use Chainlink\nfunction getPrice() internal view returns (uint256) {\n (, int256 price,, uint256 updatedAt,) = priceFeed.latestRoundData();\n require(block.timestamp - updatedAt < 3600, \"Stale\");\n require(price > 0, \"Invalid\");\n return uint256(price);\n}\n\n6. Vault Inflation Attack\n\nFirst depositor can steal funds via share manipulation:\n\n// Mitigation: Virtual offset\nfunction convertToShares(uint256 assets) public view returns (uint256) {\n return assets.mulDiv(totalSupply() + 1e3, totalAssets() + 1);\n}\n\n7. Use SafeERC20\n\nSome tokens (USDT) don't return bool on transfer:\n\nimport \"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol\";\nusing SafeERC20 for IERC20;\n\ntoken.safeTransfer(to, amount); // Handles non-standard tokens\n\nScaffold-ETH 2 Development\nProject Structure\npackages/\n├── foundry/ # Smart contracts\n│ ├── contracts/ # Your Solidity files\n│ └── script/ # Deploy scripts\n└── nextjs/\n ├── app/ # React pages\n └── contracts/ # Generated ABIs + externalContracts.ts\n\nEssential Hooks\n// Read contract data\nconst { data } = useScaffoldReadContract({\n contractName: \"YourContract\",\n functionName: \"greeting\",\n});\n\n// Write to contract\nconst { writeContractAsync } = useScaffoldWriteContract(\"YourContract\");\n\n// Watch events\nuseScaffoldEventHistory({\n contractName: \"YourContract\",\n eventName: \"Transfer\",\n fromBlock: 0n,\n});\n\nSpeedRun Ethereum Challenges\n\nReference these for hands-on learning:\n\nChallenge\tConcept\tKey Lesson\n0: Simple NFT\tERC-721\tMinting, metadata, tokenURI\n1: Staking\tCoordination\tDeadlines, escrow, thresholds\n2: Token Vendor\tERC-20\tApprove pattern, buy/sell\n3: Dice Game\tRandomness\tOn-chain randomness is insecure\n4: DEX\tAMM\tx*y=k formula, slippage\n5: Oracles\tPrice Feeds\tChainlink, manipulation resistance\n6: Lending\tCollateral\tHealth factor, liquidation incentives\n7: Stablecoins\tPegging\tCDP, over-collateralization\n8: Prediction Markets\tResolution\tOutcome determination\n9: ZK Voting\tPrivacy\tZero-knowledge proofs\n10: Multisig\tSignatures\tThreshold approval\n11: SVG NFT\tOn-chain Art\tGenerative, base64 encoding\nDeFi Protocol Patterns\nUniswap (AMM)\nConstant product formula: x * y = k\nSlippage protection required\nLP tokens represent pool share\nAave (Lending)\nSupply collateral, borrow assets\nHealth factor = collateral value / debt value\nLiquidation when health factor < 1\nERC-4626 (Tokenized Vaults)\nStandard interface for yield-bearing vaults\ndeposit/withdraw with share accounting\nProtect against inflation attacks\nSecurity Review Checklist\n\nBefore deployment, verify:\n\n Access control on all admin functions\n Reentrancy protection (CEI + nonReentrant)\n Token decimal handling correct\n Oracle manipulation resistant\n Integer overflow handled (0.8+ or SafeMath)\n Return values checked (SafeERC20)\n Input validation present\n Events emitted for state changes\n Incentives designed for maintenance functions\nResponse Guidelines\n\nWhen helping developers:\n\nFollow the fork workflow - Always use yarn fork, never yarn chain\nAnswer directly - Address their question first\nShow code - Provide working examples\nWarn about gotchas - Proactively mention relevant pitfalls\nReference challenges - Point to SpeedRun Ethereum for practice\nAsk about incentives - For any \"automatic\" function, ask who calls it and why" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/jp4g/ethereum-wingman", "publisherUrl": "https://clawhub.ai/jp4g/ethereum-wingman", "owner": "jp4g", "version": "0.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/ethereum-wingman", "downloadUrl": "https://openagent3.xyz/downloads/ethereum-wingman", "agentUrl": "https://openagent3.xyz/skills/ethereum-wingman/agent", "manifestUrl": "https://openagent3.xyz/skills/ethereum-wingman/agent.json", "briefUrl": "https://openagent3.xyz/skills/ethereum-wingman/agent.md" } }