Indigo Stability
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill appears purpose-aligned for Indigo stability-pool management, but users should verify the external MCP server and review any unsigned financial transaction before signing.
Before installing, confirm you trust the Indigo MCP server you will run. When using the skill, treat every returned CBOR transaction as a financial transaction: inspect the details in your wallet and sign only if the asset, amount, address, and action match your intent.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user signs a generated transaction, it may deposit, withdraw, close, process, or cancel an Indigo stability-pool position.
The skill can prepare financial blockchain transactions for stability-pool creation, adjustment, closure, and request processing. This is purpose-aligned and requires client-side signing, but the user should carefully review each transaction before signing.
All write operations return `{ tx: string }` — unsigned CBOR transaction hex for client-side signing.Only use the management actions for explicit user requests, and verify the asset, amount, address, UTxO, and transaction contents before signing.
The safety and correctness of transaction construction depends partly on the external MCP server the user runs.
The skill depends on an external MCP server that is not included in the artifact set and is not pinned here to a reviewed version. This is expected for an MCP-based skill, but users should verify the server provenance.
Prerequisites - `@indigoprotocol/indigo-mcp` server running
Install the MCP server only from a trusted Indigo Protocol source, prefer a pinned version, and keep it updated.
The MCP server may see the wallet address and stability-pool account details needed to build or query transactions.
The MCP calls use wallet addresses and UTxO identifiers. These are expected for Cardano transaction construction and lookup, but they are still account-related identifiers shared with the MCP server.
`address` | `string` | Yes | User Cardano bech32 address ... `accountTxHash` | `string` | Yes | Account UTxO transaction hash
Use a trusted MCP server and avoid sharing addresses or UTxO details with untrusted services.