Agentic Lending EVK Readonly
Pass
Audited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill
Name: agentic-lending-evk-readonly
Version: 0.1.0
The skill bundle is a read-only planning and verification tool for EVK-based lending markets (Euler/Api3). The instructions in SKILL.md and the documentation in the references directory consistently emphasize safety, dry-runs, and planning-only modes, explicitly forbidding the agent from performing live transactions, using signers, or automating external write paths. The provided JSON examples use placeholders for sensitive environment variables and addresses, and the command structures are aligned with the stated purpose of market analysis and deployment readiness assessment.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent ignores the read-only limits, these workflows could touch financially sensitive crypto operations.
The skill references funding and deployment-related tool paths, but it also explicitly restricts them to inspection, dry-run, or handoff use and forbids real sends.
`purchase-inputs` or `prepare-buy-subscription` ... `deploy-evk-market` only for dry-run or readiness inspection ... Never cross the line from readiness assessment into real-send execution.
Use only planning or dry-run modes, keep `send`/`broadcast` disabled, and require explicit human review before any separate live-capable workflow.
Running those commands executes local code that was not included in this review.
The skill is instruction-only, but its documented workflow involves running local Node CLI scripts from a repo outside the submitted artifact set.
`node ./bin/part2-planner.js run-evk-workflow --input-file ./request.run-evk-workflow.json`
Only run the commands from a trusted, reviewed repo checkout, and inspect the generated input files and dry-run settings first.
Wallet addresses and signer configuration names can reveal account context and could become risky if reused in a live executor.
The skill may ask for wallet-related identifiers and a signer environment variable name for planning a later live proof, although it does not ask for private keys or execute live sends itself.
Required inputs ... `accountAddress`, `signerEnvName` for a later live-capable workflow ... `operatorAck`
Do not provide private keys or secret values to this skill; keep signer environment variables local and use any live workflow only after separate review.
The reviewed artifacts look read-only, but the behavior of the referenced local scripts depends on code outside this package.
The package itself contains only instructions and references; the actual repo commands it describes are not present, so their implementation provenance cannot be verified from these artifacts.
Source: unknown; Homepage: none; No code files present — this is an instruction-only skill.
Confirm the source and contents of the external repo or installed sibling skill before executing any referenced script.
