Api3 Feed Manager
v0.2.1Discover, activate, fund, and maintain Api3 data feeds permissionlessly for downstream agent projects. Use when an agent needs a decentralized data feed pric...
⭐ 0· 26·0 current·0 all-time
by@daav3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included code and docs: the package uses @api3 contracts, dapi-management, and ethers to discover feeds, read on-chain state, compute proxies, and prepare activation/top-up plans. The network endpoints (market.api3.org and a GitHub-hosted pricing JSON) and contract packages are proportionate to the stated goal.
Instruction Scope
SKILL.md confines the agent to discovery, status checks, runway estimates, and preparing execution instructions; it explicitly recommends permissionless paths and states when execution isn't possible. It asks the agent to gather 'wallet/funder available to the agent' and whether execution is allowed, but does not itself prescribe reading private keys or specific env vars — this is reasonable, but leaves the method for transaction signing/broadcasting unspecified. The README states it does not broadcast transactions; the code appears to prepare calls and read data rather than sending signed txs.
Install Mechanism
There is no install spec (instruction-only skill), which minimizes installer risk. The bundle includes code and a package.json with legitimate dependencies necessary for Ethereum interactions (@api3 packages, ethers). Running the included scripts requires a Node environment and the listed dependencies; that is expected for this skill's function.
Credentials
The skill declares no required env vars or credentials. That aligns with its model of preparing transactions and requiring an external wallet to execute. However, practical activation/top-up flows will require a wallet and signing authority held by the agent or another skill — the skill does not request or document how private keys should be supplied. Users should ensure any wallet access provided to an agent is intentional and limited to the actions they approve.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and does not modify other skills or global agent configuration. Default autonomy (disable-model-invocation false) is normal for skills and acceptable here given the limited scope.
Assessment
This skill appears coherent with its stated purpose: it discovers Api3 feeds, inspects on-chain and market state, and prepares activation/top-up plans. It does not itself declare or require credentials, but meaningful activation requires a wallet and signing capability — the skill prepares transaction inputs rather than secretly broadcasting them. Before installing, verify you trust any agent or other skill that will provide wallet access or private keys, and confirm your runtime will only grant signing/broadcasting rights intentionally. Also note the skill will make network requests to market.api3.org and GitHub-hosted pricing files and depends on Node + the listed npm packages (ethers and @api3/*). If you want an agent to actually execute payments, decide explicitly which component holds the private key and audit that integration separately.Like a lobster shell, security has layers — review code before you run it.
latestvk978j4158aw8awy05rmhc9deah84z2z6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.