Api3 Feed Manager Executor
Malicious
Audited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill
Name: api3-feed-manager-executor
Version: 0.1.1

The api3-feed-manager-executor skill enables AI agents to perform on-chain operations, including feed discovery, activation, and funding. The primary security concern is the handling of raw private keys via the --signing-key argument and the ability to broadcast transactions that spend funds, as implemented in scripts/api3-feed-manager-executor.js. The skill is transparent about these risks and includes significant guardrails (dry-run simulations, the mandatory acknowledgement string 'I_UNDERSTAND_THIS_WILL_SEND_TRANSACTIONS', and detailed browser-based automation plans in SKILL.md), but the inherent financial and security risks of automated transaction execution and key handling warrant a suspicious classification. The logic is consistent with the stated purpose and uses legitimate Api3 infrastructure (e.g., market.api3.org and api3dao.github.io).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is allowed to execute instead of only plan, it may submit onchain purchases or top-ups for Api3 feed subscriptions.
The skill intentionally exposes transaction execution and browser-assisted funding. This is purpose-aligned, but a mistaken invocation could spend real funds.
    "when explicitly requested, execute the supported browser-assisted or signer-backed funding path that can spend funds onchain. Default to discovery, readiness checks, and dry-run planning first."
Use dry-run/discovery modes first; verify the chain, feed, amount, recipient contract, and calldata; and require explicit human approval before any transaction is signed or a browser wallet flow is completed.

A signer or private key provided to this tool can authorize spending from that wallet.
The CLI can accept signer material for transaction submission. That signer controls wallet authority for the relevant chain.
    execute-buy-subscription ... --signing-key <local-runtime-signer>
Use a dedicated limited-balance wallet, avoid committing or logging private keys, prefer safer runtime secret handling where available, and do not provide a signer unless you intend to execute a transaction.

Future dependency versions could change behavior if the package is installed or rebuilt without a lockfile.
The package uses semver ranges rather than exact pinned dependency versions. This is common, but dependency changes matter more for code that prepares or signs transactions.
    "@api3/contracts": "^37.0.0", "@api3/dapi-management": "^4.13.0", "ethers": "^6.15.0"
For production or high-value wallets, review the exact installed dependency versions and use a lockfile or pinned versions.
