K3 Blockhain Agent Skill
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for K3 blockchain automation, but it can deploy persistent workflows that use AI and connected services to trade, transfer crypto, or write to contracts without hard mandatory guardrails.
Install only if you intend to let the agent design K3 workflows and you are prepared to review every generated workflow before deployment. Treat read-only reporting as lower risk, but require explicit confirmations, spend limits, restricted bot access, and a clear disable path for any workflow that can trade, transfer tokens, write to contracts, or call sensitive external services.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated workflow could move real crypto assets or change on-chain state if configured incorrectly or if the AI condition behaves unexpectedly.
The skill documents workflows where AI-conditioned logic can automatically execute swaps, token transfers, or smart-contract writes. The same section asks about safeguards, but does not require confirmations, spending caps, dry runs, or human approval before deployment.
[Scheduled / Event] → [Read data] → [AI Conditional] → [Uniswap / Token Transfer / Write Smart Contract]
Use read-only workflows by default. For any trade, transfer, or contract write, require explicit user approval, fixed non-AI rules for execution, spending limits, test runs, and a documented pause/rollback path.
A workflow may keep running on a schedule or trigger repeatedly after the initial setup, potentially sending messages or taking blockchain actions until the user notices and disables it.
The skill is explicitly aimed at creating deployed automations. Combined with scheduled/event triggers and possible write actions, this creates persistent behavior without clear required expiry, kill switch, or post-deployment user review.
deployed, running automations that fetch on-chain data, analyze it with AI, and deliver insights
Before deployment, confirm the schedule, trigger, owner, allowed actions, and how to pause/delete the workflow. Prefer expiration dates and monitoring for any workflow with write or trading permissions.
Anyone who can message the bot could potentially influence the AI workflow to query connected services or trigger actions, depending on which tools are attached.
The Telegram chatbot pattern passes external chat messages into an AI agent that can decide which MCP tools to call. The artifacts do not describe sender authentication, allowed chat IDs, tool restrictions, or separation between read-only and write-capable tools.
[Telegram Chatbot trigger] → [AI Agent with tools/MCP] → [Telegram reply]
Restrict the bot to approved users or chat IDs, attach only the minimum read-only tools needed, and require separate confirmation for any action that sends data, trades, transfers tokens, or writes to external systems.
The agent may operate using the permissions and integrations already connected to the user's K3 team, such as data sources, notification channels, or other MCP services.
The required K3 MCP connection gives the agent delegated ability to create, execute, and manage workflows for the user's K3 team. This is expected for the skill, but it is powerful account-level authority.
requires the K3 Development MCP to be connected... tools like generateWorkflow, executeWorkflow, findAgentByFunctionality
Connect only trusted K3 integrations, use least-privilege credentials, and review the exact workflow and connected accounts before allowing execution or deployment.