Agent skills for the OpenFinance backend โ curated playbooks that teach AI agents how to trade on Polymarket and Hyperliquid, bridge via Relay, and use the user's OpenFinance-managed wallets correctly.
Skills lead with the actual backend routes (/agent/โฆ) and WebSocket
channels, so they're useful whether you're integrating via direct HTTP/WS,
through an SDK, or via the OpenFinance MCP.
# Project-level (recommended โ commit with your codebase)
npx skills add openfinance-tech/skills
# Or global
npx skills add openfinance-tech/skills -g
# Install to a specific agent only
npx skills add openfinance-tech/skills -a claude-codeRequires the CLI from vercel-labs/skills.
| Skill | Triggers on |
|---|---|
openfin-setup |
First-time user, API key check, 401/412 auth errors |
openfin-troubleshooting |
"Why is this failing", allowance errors, RPC issues, setup-incomplete errors |
openfin-polymarket |
Markets, orderbooks, orders, positions/PnL, leaderboard, deposit / withdraw via bridge.polymarket.com |
openfin-hyperliquid |
Perp/spot trading, leverage, TWAP, WS market data, unifiedAccount auto-upgrade |
openfin-relay |
Cross-chain swaps, bridging, Solana routes, bridge+call |
openfin-onchain |
Token metadata, wallet portfolios, balances, USD prices, same-chain transfers |
openfin-onramp |
Fiat โ crypto via Moonpay (cards, global) or Onramp.money (UPI / IMPS, India) |
Skills assume a running OpenFinance backend with embedded wallets provisioned for each user. See openfinance-tech docs for deployment and environment setup.
These skills sign real on-chain transactions on a user's wallet through the OpenFinance backend. Registry auditors flag the trading skills as MEDIUM-risk on that basis, and that flag is correct:
| Auditor | Finding | What it means |
|---|---|---|
Snyk W009 |
"Direct money access capability detected" (risk 1.00) | The skill drives the OpenFinance backend's signing endpoints. Category-based rule โ fires on any signing skill. |
| Socket | SUSPICIOUS MEDIUM |
"Purpose-aligned, no install-chain or malware indicators" but enables real-world asset movement. |
Neither finding identifies a malicious pattern, dependency hazard, or hidden behavior. Both are honest signals that the skills can move funds, which is the whole point.
What's already in place to keep that capability safe:
- Each transactional skill ships an explicit
## Safety contractโ read-only quote first, full disclosure of amounts/chains/fees, explicit per-write user confirmation in chat, no recipient/contract addresses pulled from untrusted content, re-quote on any parameter change. SeeSECURITY.mdfor the repo-wide version. - External recipients require an explicit verbatim warning. The
caller's own wallets (EVM EOA + Solana via
get_wallet_addresses, Polymarket deposit wallet viaget_deposit_wallet) are resolved before any send/bridge/withdraw write; if the destination isn't one of those, the agent surfaces a bold "โ ๏ธ EXTERNAL TRANSFER โ funds cannot be recovered if the address is wrong. Type 'yes' to confirm." and proceeds only on explicit "yes" in the same turn. - No secrets, scripts, or binaries in this repo โ only markdown.
Network calls happen from the agent and the OpenFinance backend, not
from anything installed by
npx skills add.
Found a way these skills could mislead an agent into a write without confirmation? Open an issue.