{ "schemaVersion": "1.0", "item": { "slug": "wallet-skills", "name": "Sponge Wallet", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/rishabluthra/wallet-skills", "canonicalUrl": "https://clawhub.ai/rishabluthra/wallet-skills", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/wallet-skills", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=wallet-skills", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/wallet-skills" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/wallet-skills", "agentPageUrl": "https://openagent3.xyz/skills/wallet-skills/agent", "manifestUrl": "https://openagent3.xyz/skills/wallet-skills/agent.json", "briefUrl": "https://openagent3.xyz/skills/wallet-skills/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Sponge Wallet API - Agent Skills Guide", "body": "This skill is doc-only. There is no local CLI. Agents must call the Sponge Wallet REST API directly." }, { "title": "Why the steps matter (short rationale)", "body": "Register vs login: agents create a new managed wallet tied to a human owner. That owner must explicitly claim the agent. Login is only for humans who already have an account.\nClaim URL: ensures the human owner explicitly links the agent to their account and controls allowlists/funding.\nCredential persistence: the apiKey is returned once (immediately for agent-first mode, or after device approval for standard mode). If you lose it, you must re-register or re-authenticate." }, { "title": "Standard credential storage (required)", "body": "Store the API key in one canonical location:\n\n~/.spongewallet/credentials.json\n\nRecommended file contents:\n\n{\n \"apiKey\": \"sponge_live_...\",\n \"claimCode\": \"ABCD-1234\",\n \"claimUrl\": \"https://wallet.paysponge.com/device?code=ABCD-1234\"\n}\n\nOptional environment export (runtime convenience):\n\nexport SPONGE_API_KEY=\"$(jq -r .apiKey ~/.spongewallet/credentials.json)\"" }, { "title": "Base URL & Auth", "body": "Base URL: https://api.wallet.paysponge.com\nAuth header: Authorization: Bearer \nContent-Type: application/json\n\nQuick env setup:\n\nexport SPONGE_API_URL=\"https://api.wallet.paysponge.com\"\nexport SPONGE_API_KEY=\"$(jq -r .apiKey ~/.spongewallet/credentials.json)\"" }, { "title": "1) Agent Registration (AI agents only)", "body": "There are two modes:\n\nStandard device flow (default): human must approve before the API key is returned.\nAgent-first (agentFirst: true): agent receives the API key immediately, and the human can claim later.\n\nStep 1 — Start registration (agent-first recommended)\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/agents/register\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\":\"YourAgentName\",\n \"agentFirst\": true,\n \"testnet\": true\n }'\n\nResponse includes:\n\nverificationUriComplete (claim URL for the human owner)\nclaimCode, deviceCode, expiresIn, interval, claimText\napiKey (returned immediately in agent-first mode)\n\nStore apiKey, claimCode, and verificationUriComplete (as claimUrl) in ~/.spongewallet/credentials.json so a human can claim later if context resets.\n\nStep 2 — Send the claim URL to the human owner\nThey log in, optionally post the tweet text, and approve the agent.\n\nClaim link format:\n\nverificationUriComplete (example path: /device?code=ABCD-1234)\nThe base URL is the frontend (prod or local), so just pass the full verificationUriComplete to the human.\n\nStep 3 — Poll for completion (standard device flow only)\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/oauth/device/token\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"grantType\":\"urn:ietf:params:oauth:grant-type:device_code\",\n \"deviceCode\":\"\",\n \"clientId\":\"spongewallet-skill\"\n }'\n\nOn success, the response includes apiKey. Save it to ~/.spongewallet/credentials.json and use it as SPONGE_API_KEY.\n\nNote: In agent-first mode, you already have the apiKey from Step 1. The device token will remain pending until the human claims." }, { "title": "2) Human Login (existing accounts only)", "body": "Phase 1 — Request device code\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/oauth/device/authorization\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"clientId\":\"spongewallet-skill\",\n \"scope\":\"wallet:read wallet:write transaction:sign transaction:write\"\n }'\n\nPhase 2 — Poll for token (same endpoint as agents)\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/oauth/device/token\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"grantType\":\"urn:ietf:params:oauth:grant-type:device_code\",\n \"deviceCode\":\"\",\n \"clientId\":\"spongewallet-skill\"\n }'" }, { "title": "Tool Call Pattern", "body": "All tool calls are plain REST requests with JSON payloads.\n\nCommon headers\n\n-H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n-H \"Content-Type: application/json\" \\\n-H \"Accept: application/json\"\n\nAgent ID note: agentId is optional for API key auth. It is only required when using a user session (e.g., Privy-based auth) or when explicitly operating on a different agent." }, { "title": "Tool -> Endpoint Map", "body": "ToolMethodPathParams/Bodyget_balanceGET/api/balancesQuery: chain, allowedChains, onlyUsdcget_solana_tokensGET/api/solana/tokensQuery: chainsearch_solana_tokensGET/api/solana/tokens/searchQuery: query, limitevm_transferPOST/api/transfers/evmBody: chain, to, amount, currencysolana_transferPOST/api/transfers/solanaBody: chain, to, amount, currencysolana_swapPOST/api/transactions/swapBody: chain, inputToken, outputToken, amount, slippageBpsbase_swapPOST/api/transactions/base-swapBody: chain, inputToken, outputToken, amount, slippageBpsbridgePOST/api/transactions/bridgeBody: sourceChain, destinationChain, token, amount, destinationToken, recipientAddressget_transaction_statusGET/api/transactions/status/{txHash}Query: chainget_transaction_historyGET/api/transactions/historyQuery: limit, chainrequest_fundingPOST/api/funding-requestsBody: amount, reason, chain, currencywithdraw_to_main_walletPOST/api/wallets/withdraw-to-mainBody: chain, amount, currencyx402_fetchPOST/api/x402/fetchBody: url, method, headers, body, preferred_chaindiscover_x402_servicesGET/api/x402/discoverQuery: type, limit, offset, include_catalogpolymarketPOST/api/polymarketBody: action, + action-specific params (see below)amazon_checkoutPOST/api/checkoutBody: checkoutUrl, amazonAccountId, shippingAddress, dryRun, clearCartget_checkout_statusGET/api/checkout/{sessionId}Query: agentId (optional)get_checkout_historyGET/api/checkout/historyQuery: agentId, limit, offsetamazon_searchPOST/api/checkout/amazon-searchBody: query, maxResults, region\n\nNote: request bodies use camelCase (e.g., inputToken, slippageBps)." }, { "title": "Polymarket Actions", "body": "The polymarket endpoint is a unified tool. Pass action plus action-specific parameters:\n\nActionDescriptionRequired ParamsOptional ParamsstatusCheck Polymarket account status and USDC.e balance——marketsSearch prediction markets—query, limitpositionsView current market positions——ordersView open and recent orders——orderPlace a buy/sell orderoutcome, side, size, pricemarket_slug or token_id, order_typecancelCancel an open orderorder_id—set_allowancesReset token approvals——withdrawWithdraw USDC.e from Safe to any addressto_address, amount—\n\nOrder params:\n\nmarket_slug: Market URL slug (e.g., \"will-bitcoin-hit-100k\") — use this OR token_id\ntoken_id: Polymarket condition token ID — use this OR market_slug\noutcome: \"yes\" or \"no\"\nside: \"buy\" or \"sell\"\nsize: Number of shares (e.g., 10)\nprice: Probability price 0.0–1.0 (e.g., 0.65 = 65 cents per share)\norder_type: \"GTC\" (default), \"GTD\", \"FOK\", \"FAK\"\n\nScopes: Trade actions (order, cancel, set_allowances, withdraw) require polymarket:trade scope. Read actions (status, markets, positions, orders) require polymarket:read.\n\nAuto-provisioning: The Polymarket Safe wallet is created automatically on first use. No manual setup needed." }, { "title": "Amazon Checkout", "body": "Purchase products from Amazon using a configured Amazon account.\n\nPrerequisites:\n\nAn Amazon account must be configured via the dashboard or /api/agents/:id/amazon-accounts endpoints\nA shipping address must be set (inline or via /api/agents/:id/shipping-addresses)\n\nAsync workflow:\n\nInitiate checkout with POST /api/checkout — returns a sessionId\nWait ~60 seconds for the initial checkout process\nPoll GET /api/checkout/:sessionId every 10 seconds until status is completed or failed\n\nStatus progression: pending → in_progress → completed | failed | cancelled\n\nKey options:\n\ndryRun: true — stops before placing the order (useful for testing or previewing total cost)\nclearCart: true — clears the Amazon cart before adding the product (default behavior)\n\nScopes: Checkout actions require amazon_checkout scope on the API key." }, { "title": "1) Register (agents only)", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/agents/register\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\":\"YourAgentName\",\n \"agentFirst\": true,\n \"testnet\": true\n }'\n\nShare the claim URL with your human, then store the apiKey immediately (agent-first). For standard device flow, poll for the token after approval." }, { "title": "2) Check balance", "body": "curl -sS \"$SPONGE_API_URL/api/balances?chain=base\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"" }, { "title": "3) Transfer USDC on Base", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/transfers/evm\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"chain\":\"base\",\n \"to\":\"0x...\",\n \"amount\":\"10\",\n \"currency\":\"USDC\"\n }'" }, { "title": "Swap tokens on Solana", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/transactions/swap\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"chain\":\"solana\",\n \"inputToken\":\"SOL\",\n \"outputToken\":\"BONK\",\n \"amount\":\"0.5\",\n \"slippageBps\":100\n }'" }, { "title": "Swap tokens on Base", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/transactions/base-swap\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"chain\":\"base\",\n \"inputToken\":\"ETH\",\n \"outputToken\":\"USDC\",\n \"amount\":\"0.1\",\n \"slippageBps\":50\n }'" }, { "title": "Bridge tokens cross-chain", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/transactions/bridge\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"sourceChain\":\"solana\",\n \"destinationChain\":\"base\",\n \"token\":\"SOL\",\n \"amount\":\"0.1\",\n \"destinationToken\":\"ETH\"\n }'" }, { "title": "Check transaction status", "body": "curl -sS \"$SPONGE_API_URL/api/transactions/status/0xabc123...?chain=base\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"" }, { "title": "Polymarket — Check status", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"action\":\"status\"}'" }, { "title": "Polymarket — Search markets", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"action\":\"markets\",\"query\":\"bitcoin\",\"limit\":5}'" }, { "title": "Polymarket — Place an order", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"order\",\n \"market_slug\":\"will-bitcoin-hit-100k\",\n \"outcome\":\"yes\",\n \"side\":\"buy\",\n \"size\":10,\n \"price\":0.65\n }'" }, { "title": "Polymarket — View positions", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"action\":\"positions\"}'" }, { "title": "Polymarket — Withdraw USDC.e", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"withdraw\",\n \"to_address\":\"0x...\",\n \"amount\":\"10.00\"\n }'" }, { "title": "Amazon Checkout — Initiate purchase", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/checkout\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"checkoutUrl\":\"https://www.amazon.com/dp/B0EXAMPLE\",\n \"dryRun\":true,\n \"clearCart\":true\n }'" }, { "title": "Amazon Checkout — Poll status", "body": "curl -sS \"$SPONGE_API_URL/api/checkout/\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"" }, { "title": "Amazon Checkout — Get history", "body": "curl -sS \"$SPONGE_API_URL/api/checkout/history?limit=10\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"" }, { "title": "Amazon — Search products", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/checkout/amazon-search\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"query\":\"wireless mouse\",\"maxResults\":5}'" }, { "title": "x402 Fetch (auto-pay for paid APIs)", "body": "curl -sS -X POST \"$SPONGE_API_URL/api/x402/fetch\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"url\":\"https://api.paysponge.com/api/services/purchase/svc_abc123/polymarket/markets?search=bitcoin&limit=5\",\n \"method\":\"GET\",\n \"preferred_chain\":\"base\"\n }'\n\nThe x402_fetch tool handles the entire payment flow automatically:\n\nMakes the HTTP request to the specified URL\nIf the service returns 402 Payment Required, extracts payment requirements\nCreates and signs a USDC payment using the agent's wallet (Base or Solana)\nRetries the request with the Payment-Signature header\nReturns the final API response with payment_made and payment_details" }, { "title": "Discover x402 services (Bazaar)", "body": "curl -sS \"$SPONGE_API_URL/api/x402/discover?limit=10\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"\n\nReturns available x402-enabled services from the Bazaar and Sponge's curated catalog. Use this to find paid APIs before calling x402_fetch." }, { "title": "Chain Reference", "body": "Test keys (sponge_test_*): sepolia, base-sepolia, solana-devnet, tempo\nLive keys (sponge_live_*): ethereum, base, solana" }, { "title": "Error Responses", "body": "Errors return JSON with an error message and HTTP status:\n\n{\"error\":\"message\"}\n\nStatusMeaningCommon Cause400Bad RequestMissing/invalid fields401UnauthorizedMissing or invalid API key403ForbiddenAddress not in allowlist or permission denied404Not FoundResource does not exist409ConflictDuplicate action429Rate LimitedToo many requests (back off + retry)500Server ErrorTransient; retry later" }, { "title": "Security", "body": "Never share your API key in logs, posts, or screenshots.\nStore your API key in ~/.spongewallet/credentials.json and restrict file permissions.\nRotate the key if exposure is suspected.\n\nBuilt for agents." } ], "body": "SPONGE WALLET API QUICK REFERENCE v1.0.0\nBase: https://api.wallet.paysponge.com\nAuth: Authorization: Bearer \nDocs: This file is canonical (skills guide + params)\n\nKey endpoints:\n POST /api/agents/register -> register (no auth)\n POST /api/oauth/device/authorization -> device login start (humans)\n POST /api/oauth/device/token -> device token poll (agents + humans)\n GET /api/balances -> get balances (includes Polymarket USDC.e)\n POST /api/transfers/evm -> EVM transfer (ETH/USDC)\n POST /api/transfers/solana -> Solana transfer (SOL/USDC)\n POST /api/transactions/swap -> Solana swap\n POST /api/transactions/base-swap -> Base swap (0x)\n POST /api/transactions/bridge -> Bridge (deBridge)\n GET /api/solana/tokens -> list SPL tokens\n GET /api/solana/tokens/search -> search Jupiter token list\n GET /api/transactions/status/:txHash -> transaction status\n GET /api/transactions/history -> transaction history\n POST /api/funding-requests -> request funding from owner\n POST /api/wallets/withdraw-to-main -> withdraw to owner\n POST /api/x402/fetch -> x402 fetch (auto-pay 402s)\n GET /api/x402/discover -> discover x402 services (Bazaar)\n POST /api/polymarket -> Polymarket prediction market trading\n POST /api/checkout -> Amazon checkout (initiate purchase)\n GET /api/checkout/:sessionId -> checkout status\n DELETE /api/checkout/:sessionId -> cancel checkout\n GET /api/checkout/history -> checkout history\n POST /api/checkout/amazon-search -> search Amazon products\n\nRules: use register (agents), never login | store key in ~/.spongewallet/credentials.json | requests are JSON\nErrors: HTTP status + JSON error message\n\nSponge Wallet API - Agent Skills Guide\n\nThis skill is doc-only. There is no local CLI. Agents must call the Sponge Wallet REST API directly.\n\nWhy the steps matter (short rationale)\nRegister vs login: agents create a new managed wallet tied to a human owner. That owner must explicitly claim the agent. Login is only for humans who already have an account.\nClaim URL: ensures the human owner explicitly links the agent to their account and controls allowlists/funding.\nCredential persistence: the apiKey is returned once (immediately for agent-first mode, or after device approval for standard mode). If you lose it, you must re-register or re-authenticate.\nStandard credential storage (required)\n\nStore the API key in one canonical location:\n\n~/.spongewallet/credentials.json\n\nRecommended file contents:\n\n{\n \"apiKey\": \"sponge_live_...\",\n \"claimCode\": \"ABCD-1234\",\n \"claimUrl\": \"https://wallet.paysponge.com/device?code=ABCD-1234\"\n}\n\n\nOptional environment export (runtime convenience):\n\nexport SPONGE_API_KEY=\"$(jq -r .apiKey ~/.spongewallet/credentials.json)\"\n\nBase URL & Auth\nBase URL: https://api.wallet.paysponge.com\nAuth header: Authorization: Bearer \nContent-Type: application/json\n\nQuick env setup:\n\nexport SPONGE_API_URL=\"https://api.wallet.paysponge.com\"\nexport SPONGE_API_KEY=\"$(jq -r .apiKey ~/.spongewallet/credentials.json)\"\n\nCRITICAL: AI Agents Must Use register, NOT login\n1) Agent Registration (AI agents only)\n\nThere are two modes:\n\nStandard device flow (default): human must approve before the API key is returned.\nAgent-first (agentFirst: true): agent receives the API key immediately, and the human can claim later.\n\nStep 1 — Start registration (agent-first recommended)\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/agents/register\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\":\"YourAgentName\",\n \"agentFirst\": true,\n \"testnet\": true\n }'\n\n\nResponse includes:\n\nverificationUriComplete (claim URL for the human owner)\nclaimCode, deviceCode, expiresIn, interval, claimText\napiKey (returned immediately in agent-first mode)\n\nStore apiKey, claimCode, and verificationUriComplete (as claimUrl) in ~/.spongewallet/credentials.json so a human can claim later if context resets.\n\nStep 2 — Send the claim URL to the human owner They log in, optionally post the tweet text, and approve the agent.\n\nClaim link format:\n\nverificationUriComplete (example path: /device?code=ABCD-1234)\nThe base URL is the frontend (prod or local), so just pass the full verificationUriComplete to the human.\n\nStep 3 — Poll for completion (standard device flow only)\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/oauth/device/token\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"grantType\":\"urn:ietf:params:oauth:grant-type:device_code\",\n \"deviceCode\":\"\",\n \"clientId\":\"spongewallet-skill\"\n }'\n\n\nOn success, the response includes apiKey. Save it to ~/.spongewallet/credentials.json and use it as SPONGE_API_KEY.\n\nNote: In agent-first mode, you already have the apiKey from Step 1. The device token will remain pending until the human claims.\n\n2) Human Login (existing accounts only)\n\nPhase 1 — Request device code\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/oauth/device/authorization\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"clientId\":\"spongewallet-skill\",\n \"scope\":\"wallet:read wallet:write transaction:sign transaction:write\"\n }'\n\n\nPhase 2 — Poll for token (same endpoint as agents)\n\ncurl -sS -X POST \"$SPONGE_API_URL/api/oauth/device/token\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"grantType\":\"urn:ietf:params:oauth:grant-type:device_code\",\n \"deviceCode\":\"\",\n \"clientId\":\"spongewallet-skill\"\n }'\n\nTool Call Pattern\n\nAll tool calls are plain REST requests with JSON payloads.\n\nCommon headers\n\n-H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n-H \"Content-Type: application/json\" \\\n-H \"Accept: application/json\"\n\n\nAgent ID note: agentId is optional for API key auth. It is only required when using a user session (e.g., Privy-based auth) or when explicitly operating on a different agent.\n\nTool -> Endpoint Map\nTool\tMethod\tPath\tParams/Body\nget_balance\tGET\t/api/balances\tQuery: chain, allowedChains, onlyUsdc\nget_solana_tokens\tGET\t/api/solana/tokens\tQuery: chain\nsearch_solana_tokens\tGET\t/api/solana/tokens/search\tQuery: query, limit\nevm_transfer\tPOST\t/api/transfers/evm\tBody: chain, to, amount, currency\nsolana_transfer\tPOST\t/api/transfers/solana\tBody: chain, to, amount, currency\nsolana_swap\tPOST\t/api/transactions/swap\tBody: chain, inputToken, outputToken, amount, slippageBps\nbase_swap\tPOST\t/api/transactions/base-swap\tBody: chain, inputToken, outputToken, amount, slippageBps\nbridge\tPOST\t/api/transactions/bridge\tBody: sourceChain, destinationChain, token, amount, destinationToken, recipientAddress\nget_transaction_status\tGET\t/api/transactions/status/{txHash}\tQuery: chain\nget_transaction_history\tGET\t/api/transactions/history\tQuery: limit, chain\nrequest_funding\tPOST\t/api/funding-requests\tBody: amount, reason, chain, currency\nwithdraw_to_main_wallet\tPOST\t/api/wallets/withdraw-to-main\tBody: chain, amount, currency\nx402_fetch\tPOST\t/api/x402/fetch\tBody: url, method, headers, body, preferred_chain\ndiscover_x402_services\tGET\t/api/x402/discover\tQuery: type, limit, offset, include_catalog\npolymarket\tPOST\t/api/polymarket\tBody: action, + action-specific params (see below)\namazon_checkout\tPOST\t/api/checkout\tBody: checkoutUrl, amazonAccountId, shippingAddress, dryRun, clearCart\nget_checkout_status\tGET\t/api/checkout/{sessionId}\tQuery: agentId (optional)\nget_checkout_history\tGET\t/api/checkout/history\tQuery: agentId, limit, offset\namazon_search\tPOST\t/api/checkout/amazon-search\tBody: query, maxResults, region\n\nNote: request bodies use camelCase (e.g., inputToken, slippageBps).\n\nPolymarket Actions\n\nThe polymarket endpoint is a unified tool. Pass action plus action-specific parameters:\n\nAction\tDescription\tRequired Params\tOptional Params\nstatus\tCheck Polymarket account status and USDC.e balance\t—\t—\nmarkets\tSearch prediction markets\t—\tquery, limit\npositions\tView current market positions\t—\t—\norders\tView open and recent orders\t—\t—\norder\tPlace a buy/sell order\toutcome, side, size, price\tmarket_slug or token_id, order_type\ncancel\tCancel an open order\torder_id\t—\nset_allowances\tReset token approvals\t—\t—\nwithdraw\tWithdraw USDC.e from Safe to any address\tto_address, amount\t—\n\nOrder params:\n\nmarket_slug: Market URL slug (e.g., \"will-bitcoin-hit-100k\") — use this OR token_id\ntoken_id: Polymarket condition token ID — use this OR market_slug\noutcome: \"yes\" or \"no\"\nside: \"buy\" or \"sell\"\nsize: Number of shares (e.g., 10)\nprice: Probability price 0.0–1.0 (e.g., 0.65 = 65 cents per share)\norder_type: \"GTC\" (default), \"GTD\", \"FOK\", \"FAK\"\n\nScopes: Trade actions (order, cancel, set_allowances, withdraw) require polymarket:trade scope. Read actions (status, markets, positions, orders) require polymarket:read.\n\nAuto-provisioning: The Polymarket Safe wallet is created automatically on first use. No manual setup needed.\n\nAmazon Checkout\n\nPurchase products from Amazon using a configured Amazon account.\n\nPrerequisites:\n\nAn Amazon account must be configured via the dashboard or /api/agents/:id/amazon-accounts endpoints\nA shipping address must be set (inline or via /api/agents/:id/shipping-addresses)\n\nAsync workflow:\n\nInitiate checkout with POST /api/checkout — returns a sessionId\nWait ~60 seconds for the initial checkout process\nPoll GET /api/checkout/:sessionId every 10 seconds until status is completed or failed\n\nStatus progression: pending → in_progress → completed | failed | cancelled\n\nKey options:\n\ndryRun: true — stops before placing the order (useful for testing or previewing total cost)\nclearCart: true — clears the Amazon cart before adding the product (default behavior)\n\nScopes: Checkout actions require amazon_checkout scope on the API key.\n\nQuick Start\n1) Register (agents only)\ncurl -sS -X POST \"$SPONGE_API_URL/api/agents/register\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"name\":\"YourAgentName\",\n \"agentFirst\": true,\n \"testnet\": true\n }'\n\n\nShare the claim URL with your human, then store the apiKey immediately (agent-first). For standard device flow, poll for the token after approval.\n\n2) Check balance\ncurl -sS \"$SPONGE_API_URL/api/balances?chain=base\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"\n\n3) Transfer USDC on Base\ncurl -sS -X POST \"$SPONGE_API_URL/api/transfers/evm\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"chain\":\"base\",\n \"to\":\"0x...\",\n \"amount\":\"10\",\n \"currency\":\"USDC\"\n }'\n\nExamples\nSwap tokens on Solana\ncurl -sS -X POST \"$SPONGE_API_URL/api/transactions/swap\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"chain\":\"solana\",\n \"inputToken\":\"SOL\",\n \"outputToken\":\"BONK\",\n \"amount\":\"0.5\",\n \"slippageBps\":100\n }'\n\nSwap tokens on Base\ncurl -sS -X POST \"$SPONGE_API_URL/api/transactions/base-swap\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"chain\":\"base\",\n \"inputToken\":\"ETH\",\n \"outputToken\":\"USDC\",\n \"amount\":\"0.1\",\n \"slippageBps\":50\n }'\n\nBridge tokens cross-chain\ncurl -sS -X POST \"$SPONGE_API_URL/api/transactions/bridge\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"sourceChain\":\"solana\",\n \"destinationChain\":\"base\",\n \"token\":\"SOL\",\n \"amount\":\"0.1\",\n \"destinationToken\":\"ETH\"\n }'\n\nCheck transaction status\ncurl -sS \"$SPONGE_API_URL/api/transactions/status/0xabc123...?chain=base\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"\n\nPolymarket — Check status\ncurl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"action\":\"status\"}'\n\nPolymarket — Search markets\ncurl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"action\":\"markets\",\"query\":\"bitcoin\",\"limit\":5}'\n\nPolymarket — Place an order\ncurl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"order\",\n \"market_slug\":\"will-bitcoin-hit-100k\",\n \"outcome\":\"yes\",\n \"side\":\"buy\",\n \"size\":10,\n \"price\":0.65\n }'\n\nPolymarket — View positions\ncurl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"action\":\"positions\"}'\n\nPolymarket — Withdraw USDC.e\ncurl -sS -X POST \"$SPONGE_API_URL/api/polymarket\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"action\":\"withdraw\",\n \"to_address\":\"0x...\",\n \"amount\":\"10.00\"\n }'\n\nAmazon Checkout — Initiate purchase\ncurl -sS -X POST \"$SPONGE_API_URL/api/checkout\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"checkoutUrl\":\"https://www.amazon.com/dp/B0EXAMPLE\",\n \"dryRun\":true,\n \"clearCart\":true\n }'\n\nAmazon Checkout — Poll status\ncurl -sS \"$SPONGE_API_URL/api/checkout/\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"\n\nAmazon Checkout — Get history\ncurl -sS \"$SPONGE_API_URL/api/checkout/history?limit=10\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"\n\nAmazon — Search products\ncurl -sS -X POST \"$SPONGE_API_URL/api/checkout/amazon-search\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"query\":\"wireless mouse\",\"maxResults\":5}'\n\nx402 Fetch (auto-pay for paid APIs)\ncurl -sS -X POST \"$SPONGE_API_URL/api/x402/fetch\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"url\":\"https://api.paysponge.com/api/services/purchase/svc_abc123/polymarket/markets?search=bitcoin&limit=5\",\n \"method\":\"GET\",\n \"preferred_chain\":\"base\"\n }'\n\n\nThe x402_fetch tool handles the entire payment flow automatically:\n\nMakes the HTTP request to the specified URL\nIf the service returns 402 Payment Required, extracts payment requirements\nCreates and signs a USDC payment using the agent's wallet (Base or Solana)\nRetries the request with the Payment-Signature header\nReturns the final API response with payment_made and payment_details\nDiscover x402 services (Bazaar)\ncurl -sS \"$SPONGE_API_URL/api/x402/discover?limit=10\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Accept: application/json\"\n\n\nReturns available x402-enabled services from the Bazaar and Sponge's curated catalog. Use this to find paid APIs before calling x402_fetch.\n\nChain Reference\n\nTest keys (sponge_test_*): sepolia, base-sepolia, solana-devnet, tempo Live keys (sponge_live_*): ethereum, base, solana\n\nError Responses\n\nErrors return JSON with an error message and HTTP status:\n\n{\"error\":\"message\"}\n\nStatus\tMeaning\tCommon Cause\n400\tBad Request\tMissing/invalid fields\n401\tUnauthorized\tMissing or invalid API key\n403\tForbidden\tAddress not in allowlist or permission denied\n404\tNot Found\tResource does not exist\n409\tConflict\tDuplicate action\n429\tRate Limited\tToo many requests (back off + retry)\n500\tServer Error\tTransient; retry later\nSecurity\nNever share your API key in logs, posts, or screenshots.\nStore your API key in ~/.spongewallet/credentials.json and restrict file permissions.\nRotate the key if exposure is suspected.\n\nBuilt for agents." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/rishabluthra/wallet-skills", "publisherUrl": "https://clawhub.ai/rishabluthra/wallet-skills", "owner": "rishabluthra", "version": "0.1.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/wallet-skills", "downloadUrl": "https://openagent3.xyz/downloads/wallet-skills", "agentUrl": "https://openagent3.xyz/skills/wallet-skills/agent", "manifestUrl": "https://openagent3.xyz/skills/wallet-skills/agent.json", "briefUrl": "https://openagent3.xyz/skills/wallet-skills/agent.md" } }