Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pacman Hedera DeFi AI Agent
v5.0.1 · Autonomous AI agent for DeFi on Hedera — natural language trading, portfolio management, Power Law BTC rebalancing, HCS signal publishing, limit orders, stak...
⭐ 1 · 69 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (Hedera DeFi agent) align with the required env vars PRIVATE_KEY and HEDERA_ACCOUNT_ID and the declared need for python. However, the SKILL.md claims it drives a local ./launch.sh that installs 'uv' and runs python -m cli.main — but the registry package contains no launch.sh or Python code. That mismatch suggests either that the skill cannot actually perform what it promises as-is, or that it expects to download or assemble code at runtime (which is not declared).
Instruction Scope
SKILL.md contains detailed runtime instructions and guardrails (e.g., never perform writes without explicit approval), and claims to enforce/require a .env and local data/config under ./data/.env. It also promises that credentials remain local and that only Hedera/SaucerSwap endpoints are contacted, but neither claim can be verified from the package contents. The file instructs running a local installer and a Python CLI that do not exist in the bundle — this is a scope mismatch and could result in on-demand downloads or opaque behavior at runtime.
Install Mechanism
There is no declared install spec in the registry (instruction-only), but SKILL.md explicitly says a launcher will install 'uv' on first run and dispatch to Python code. Because no install steps are recorded in the registry and no code files are present, it implies either (a) required files are missing from the published package, or (b) the runtime will fetch and execute external code. Both cases raise risk: missing files means the skill is incomplete; fetching arbitrary code at runtime is higher risk and not auditable from the registry.
Credentials
The requested env vars (PRIVATE_KEY, HEDERA_ACCOUNT_ID, PACMAN_NETWORK) are consistent with a DeFi agent that must sign transactions on Hedera. That said, PRIVATE_KEY is a highly privileged secret. SKILL.md asserts credentials remain local, but with no included code to audit and an ambiguous logging/training pipeline mention, the claim cannot be independently verified. Recommend least-privilege testing (read-only/testnet keys) before providing mainnet keys.
Persistence & Privilege
The always field is false (good). The skill permits autonomous invocation by default (platform standard). Combined with access to a PRIVATE_KEY, autonomous invocation could be high impact if the skill actually executes writes — SKILL.md's internal guardrail requires confirmation for writes, but that is a behavioral rule in text, not a technical enforcement. No evidence the skill modifies other skills or system-wide configs.
What to consider before installing
Do not provide your main PRIVATE_KEY or production account credentials yet. Key points to confirm before installing:
(1) Ask the publisher for the missing runtime files (launch.sh, Python package, cli.main) and verify their contents; the SKILL.md claims these exist but the package doesn't include them.
(2) If the skill downloads code at runtime, request the exact URLs and inspect them before allowing execution.
(3) Test first with a read-only or testnet account (or a wallet with minimal funds) to confirm behavior and that the skill truly asks for confirmation prior to any write.
(4) Prefer skills with a verifiable homepage, published source, and included code you can audit; absence of these is a red flag for software that will manage on-chain funds.
(5) If you must proceed, run the skill in an isolated environment (VM/container) and consider using a hardware wallet or delegated signer instead of placing a raw PRIVATE_KEY in .env.
If you want, I can draft specific questions to ask the publisher or a checklist to verify the missing files and runtime URLs.
Like a lobster shell, security has layers — review code before you run it.
latest: vk9763j5ymaapevadde4jgmqemn83bbf5
Runtime requirements
🟡 Clawdis
OS: macOS · Linux
Any bin: python3, python
Env: PRIVATE_KEY, HEDERA_ACCOUNT_ID, PACMAN_NETWORK
Primary env: PRIVATE_KEY
