Agentic Street
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for DeFi investing, but it includes high-impact financial automation and notification behavior that users should review carefully before trusting.
Only install this if you understand the DeFi and wallet risks. Keep BANKR_KEY unset unless you intentionally want automatic transaction submission, review all TxData before signing, start with small amounts, secure all API and hook tokens, and be aware that some adapter trades may execute without an LP veto window.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe all trades can be reviewed and vetoed, when some trades can execute instantly and affect fund capital.
The top-level safety framing overstates LP veto/time-delay protections, while the detailed monitoring guide shows adapter trades can execute immediately without veto.
SKILL.md: "Every trade is transparent, time-delayed, and vetoable"; monitoring.md: "Adapter proposals ... execute instantly. No veto window."
Clearly state in the main skill description that adapter trades are instant and non-vetoable, and require users to understand that limitation before depositing or managing funds.
If an agent or user invokes this script with a Bankr key, real USDC approvals and deposits can be submitted on-chain and may lock funds in a DeFi fund.
When BANKR_KEY is set, the script submits both approval and deposit transactions automatically using API-returned transaction data, with no interactive confirmation in the script.
if [ -n "$BANKR_KEY" ]; then ... "Submitting USDC approval via Bankr..." ... "Submitting deposit via Bankr..."
Keep BANKR_KEY unset unless automatic submission is explicitly desired; add a human confirmation step, transaction preview, and amount limits before Bankr submission.
A failed local hook or network issue could cause proposal alerts to be acknowledged and not re-delivered, reducing the chance to veto a risky trade in time.
The hook delivery failure is swallowed with `|| true`, and the script then proceeds to acknowledge notifications, which can mark alerts as handled even if OpenClaw was not notified.
curl ... "${HOOK_URL}/hooks/agent" ... || true ... curl ... "${API_URL}/notifications/ack" ...
Only acknowledge notifications after confirmed hook delivery, or keep failed deliveries pending for retry.
Leaking or overexposing these keys could let someone impersonate the agent, submit transactions through Bankr, or trigger local agent hooks.
The skill discloses credential use, but those credentials represent account identity, transaction submission authority, and local hook access.
AST_API_KEY ... "API key for authenticated write endpoints"; BANKR_KEY ... "API key for automatic tx submission"; OPENCLAW_HOOK_TOKEN ... "Required if running ast-watcher.sh"
Use narrowly scoped keys where possible, store them securely, and only set BANKR_KEY or OPENCLAW_HOOK_TOKEN in environments that need them.
If installed in cron, the skill can continue waking the agent after the initial task, which may be surprising if the user expected only manual operation.
The watcher is a persistent, cron-oriented script that can wake the local agent when pending events are detected.
# Runs via system crontab ... "wakeMode": "now", "deliver": true
Install the watcher only if ongoing monitoring is desired, document the cron entry, and remove or disable it when no longer needed.
A user following the manual install path relies on the remote files served at install time.
SKILL.md documents a user-directed remote curl installation path without integrity pinning; this is not automatic, but users should notice it.
curl -s https://agenticstreet.ai/skill.md > ~/.agentic-street/skills/agentic-street/SKILL.md
Prefer the registry install path when possible, or verify the source and file contents before installing remote-downloaded skill files.
