Agentic Lending EVK Readonly
Pass
Audited by ClawScan on May 7, 2026.
Overview
This is a read-only crypto lending planning skill with strong no-transaction instructions, but users should verify the external local scripts and avoid providing live wallet secrets.
This skill appears safe to install as a read-only planning aid if you keep it within its stated limits. Before running any referenced Node command, make sure the underlying repo is trusted, the command is in dry-run or inspection mode, and no live signer, private key, wallet secret, `--live`, `send`, or `broadcast` setting is being used.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent ignores the read-only limits, these workflows could touch financially sensitive crypto operations.
The skill references funding and deployment-related tool paths, but it also explicitly restricts them to inspection, dry-run, or handoff use and forbids real sends.
`purchase-inputs` or `prepare-buy-subscription` ... `deploy-evk-market` only for dry-run or readiness inspection ... Never cross the line from readiness assessment into real-send execution.
Use only planning or dry-run modes, keep `send`/`broadcast` disabled, and require explicit human review before any separate live-capable workflow.
Running those commands executes local code that was not included in this review.
The skill is instruction-only, but its documented workflow involves running local Node CLI scripts from a repo outside the submitted artifact set.
`node ./bin/part2-planner.js run-evk-workflow --input-file ./request.run-evk-workflow.json`
Only run the commands from a trusted, reviewed repo checkout, and inspect the generated input files and dry-run settings first.
Wallet addresses and signer configuration names can reveal account context and could become risky if reused in a live executor.
The skill may ask for wallet-related identifiers and a signer environment variable name for planning a later live proof, although it does not ask for private keys or execute live sends itself.
Required inputs ... `accountAddress`, `signerEnvName` for a later live-capable workflow ... `operatorAck`
Do not provide private keys or secret values to this skill; keep signer environment variables local and use any live workflow only after separate review.
The reviewed artifacts look read-only, but the behavior of the referenced local scripts depends on code outside this package.
The package itself contains only instructions and references; the actual repo commands it describes are not present, so their implementation provenance cannot be verified from these artifacts.
Source: unknown; Homepage: none; No code files present — this is an instruction-only skill.
Confirm the source and contents of the external repo or installed sibling skill before executing any referenced script.
