ClawHub

Liberfi Portfolio

v1.0.0

Analyze wallet portfolios on supported blockchains: view token holdings with current values, track transaction activity and history, check PnL (profit and lo...

0· 30·0 current·0 all-time
by@bombmod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: all commands are lfi CLI invocations for wallet holdings, activity, stats, and net-worth. No unrelated services, binaries, or environment variables are requested.
Instruction Scope
Instructions stay on-topic (public wallet commands vs authenticated 'me' commands). They explicitly require the LiberFi CLI and describe auth steps. Note: the SKILL.md tells the agent to run authentication commands (e.g., `lfi login key --role AGENT`) to access the TEE wallet — this is required for 'me' flows but grants the agent access to whatever the CLI credentials permit, so users should only allow it if they trust the agent and environment.
Install Mechanism
Instruction-only skill with no install spec and no downloads. The SKILL.md references a shared bootstrap doc for CLI installation but does not itself pull code or archives.
Credentials
No environment variables, credentials, or config paths are declared. The only sensitive resource is the local LiberFi CLI auth state (JWT/TEE access) which is legitimately needed for 'me' commands; the skill does not ask for unrelated secrets.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system settings. It allows the agent to run auth commands when invoked; autonomous invocation is permitted by platform defaults but not uniquely escalated by this skill.
Assessment
This skill appears coherent: it calls the LiberFi CLI to fetch public wallet data and, when asked to operate on your own TEE wallet, instructs the agent to perform CLI authentication. Before installing, ensure you have (or are willing to install) the official LiberFi CLI, confirm the skill's provenance (source is 'unknown' in the registry), and only allow the agent to run `lfi login key --role AGENT` or `lfi login` if you trust the agent and the environment — do not share private keys or seed phrases. If you prefer, restrict use to public wallet queries (which do not require auth).

Like a lobster shell, security has layers — review code before you run it.

latestvk9786qeayv4c3az884vvd380gn842xde

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments