ClawHub

Meteora Liquidity Analyst

v1.1.0

Meteora liquidity analyst for OpenClaw. Turns the agent into an expert that queries Meteora public APIs (DLMM, DAMM v1, DAMM v2) in real time to answer quest...

0· 69·0 current·0 all-time
by@angelespinoza
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim real-time access to Meteora (DLMM, DAMM v1/v2) public APIs; the SKILL.md contains only endpoint URLs and fetch/curl examples that call those APIs. No credentials, binaries, or unrelated services are requested. Minor note: the skill has no source homepage or repo link in metadata (source: unknown), which reduces external verifiability but does not create an incoherence between purpose and requested resources.
Instruction Scope
Runtime instructions are narrowly scoped to making JSON HTTP requests to the documented public Meteora endpoints, parsing responses, and formatting results for the user. It does not instruct reading local files, secrets, or unrelated environment variables. It explicitly warns not to use webFetch and to prefer native fetch or curl for JSON APIs.
Install Mechanism
No install spec or code files are present (instruction-only skill). This is the lowest-risk install model and consistent with the skill's purpose.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That aligns with the claim that all APIs are public and require no auth.
Persistence & Privilege
always:false (default) and autonomous invocation allowed (platform default). The skill does not request permanent presence or elevated privileges and does not modify other skills or system settings.
Assessment
This skill appears internally consistent and only makes public API calls to Meteora endpoints, but consider these practical checks before installing: 1) Verify the endpoint domains (dlmm.datapi.meteora.ag, amm-v2.meteora.ag, damm-v2.datapi.meteora.ag) are official Meteora endpoints you trust (absence of a homepage/repo increases the value of doing this). 2) Understand the skill will perform outbound network requests whenever invoked—do not supply private keys, wallets, or other secrets in prompts. 3) Test with harmless queries first (e.g., list pools with a small limit) to confirm responses and rate-limit behavior. 4) If you require stronger assurance, prefer skills with a public source repo or maintainer contact so you can audit or report issues. Overall, functionality is coherent with the description and the lack of credentials/install actions reduces risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cepzqecemkywkmq3pnkfj6h847h7n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments