Api3 Feed Manager Readonly

Pass

Audited by ClawScan on May 7, 2026.

Overview

The skill is coherently documented as a read-only API3 feed discovery and transaction-planning helper, with no artifact evidence that it stores keys or submits transactions.

Use this as a planning/read-only tool only. Do not provide private keys or seed phrases. Before executing any generated transaction with a separate wallet or executor, verify the chain, target contract, calldata, value, and pricing against trusted API3 sources.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or downstream agent could use the generated calldata or browser plan to spend funds or activate a feed, so incorrect inputs should be caught before execution.

Why it was flagged

The skill can produce actionable purchase or contract-call instructions. This is disclosed and framed as review material, not automatic execution, but it could affect funds if a separate executor follows it blindly.

Skill content

generate browser-assisted funding plans
generate exact contract-call payloads for later human or executor use

Recommendation

Treat all generated transaction details as drafts. Verify target addresses, values, calldata, chain IDs, and prices before using any separate wallet or executor.

What this means

Future installs could resolve to newer dependency versions than the ones originally tested.

Why it was flagged

The CLI relies on external npm packages with caret version ranges. These dependencies are expected for API3/Ethers integration, but the artifact does not pin exact install-time versions.

Skill content

"dependencies": {
  "@api3/contracts": "^37.0.0",
  "@api3/dapi-management": "^4.13.0",
  "ethers": "^6.15.0"
}

Recommendation

Install from a trusted source, review or generate a lockfile, and use dependency auditing for higher assurance.