What you’ll build
The full experience has three parts:- A portfolio app: a Privy app with an embedded wallet per user and a simple frontend to view holdings.
- A Hermes agent on Telegram: the conversational surface where the user talks to their advisor.
- An agent skill: the component that authorizes the agent against the user’s wallet and executes trades on Robinhood Chain.
How it works
The agent uses the OAuth 2.0 Device Authorization Grant, the same pattern GitHub CLI uses for headless login. The user approves once; the agent stores tokens and transacts autonomously within that authorization.Prerequisites
Create the Privy app and a simple frontend
Follow the React quickstart to create a Privy app with an embedded wallet for each user. The frontend only needs to display wallet holdings; the agent handles trading. Note the app ID from the Privy Dashboard; the skill references it as
<your-app-id>.Enable agent authorization and build the verification page
In the Privy Dashboard, open Authentication → Advanced and toggle Enable for CLI and agent access on. Set the Verification URI to a page your app hosts, for example
https://your-app.com/authorize.Build that verification page following Authorized wallet access for self-hosted agents. This is the only browser step in the flow: the user signs in, sees which agent is requesting access, and approves or denies.Spin up a Hermes agent on Telegram
Deploy a Hermes agent and connect its Telegram gateway so users can message it directly. This recipe assumes the agent can run shell commands and load skills, the standard Hermes configuration.
Build the agent skill
A skill is a self-contained folder the agent loads at startup. It teaches the agent when and how to authorize against the user’s wallet and execute trades. The structure:Write the skill definition
SKILL.md tells the agent what the skill does, when to trigger it, and the safety rules it must follow. Replace <your-app-id> and the verification URL with the values from your app.
SKILL.md
Write the auth and trading script
privy_agent.py implements the full device flow and wallet RPC. The script reads the app ID from the PRIVY_APP_ID environment variable, stores tokens in the OS keychain, and signs each RPC request with an ephemeral authorization key it never writes to disk.
scripts/privy_agent.py
Trade on Robinhood Chain
Robinhood Chain is an EVM-compatible chain where tokenized stocks trade as onchain assets. Because it is EVM-compatible, the agent trades on it exactly like any other EVM chain. The only difference is thechain_id.
| Property | Value |
|---|---|
| Chain ID | 4663 |
| CAIP-2 | eip155:4663 |
| Native currency | ETH |
| Testnet ID | 46630 |
eth_sendTransaction RPC that calls the asset’s contract, passing 4663 as the chain_id:
Use the Privy wallet
id (for example, wallet_abc123) in the RPC path, not the on-chain
address. Run status to look up the id.Iterate with the agent over Telegram
Once the skill is installed, the user drives everything from chat. A typical session:Connect the wallet (one time)
User: “Connect my portfolio wallet.”Hermes runs
login in the background, reads the verification link from the log, and
sends it to the user as a consent prompt. The user opens the link, signs in with Privy,
and approves. Hermes reports back with the connected wallet address.Review the portfolio
User: “How’s my portfolio looking today?”Hermes runs
status to confirm access, reads on-chain balances, and summarizes the
current positions and their value.Keep the user in control
- Confirm every trade. The skill’s safety rules require explicit user confirmation before any fund-moving RPC. Show the asset, amount, and chain before executing.
- Revoke anytime. Users can list and revoke active agent authorizations from the app’s account settings. See managing authorizations. Running
logoutlocally drops the agent’s tokens; its access then dies within 15 minutes since nothing can refresh it. - Constrain with policies. Attach policies to the wallet to enforce transfer limits, allowlists, and time-based controls at the infrastructure layer. These guardrails hold even if the agent misbehaves.
Extensions
The same wallet the agent uses to trade can also pay for the data behind its decisions. A natural next step is to let the agent buy financial research on demand through x402, the HTTP-native payment protocol for agents. With x402, the agent pays per request for a resource and receives the response in the same round trip. No subscription, no API key to manage. Services like DripStack expose market data and research reports behind x402 paywalls, so the agent can pull a fresh analyst report or price feed the moment a user asks about a position, and settle the micropayment from the same Privy wallet. A typical flow:- The user asks the agent for a view on a stock before trading.
- The agent calls an x402-protected research endpoint and pays the quoted price from the wallet.
- The agent folds the research into its recommendation, then executes the trade on Robinhood Chain if the user confirms.
Learn more
Agent authorization
The full device-flow API reference this skill is built on.
Agent CLI
Give any agent a wallet with a CLI command. No integration code needed.
Policies
Constrain agent behavior with transfer limits, allowlists, and time-based controls.
Agentic wallets
Create developer-controlled agent wallets with policy guardrails.
x402 payments
Let the agent pay per request for research and other APIs.

