Agentic Street

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: agenticstreet
Version: 1.0.3

The skill bundle is designed for DeFi operations, providing tools for fund management and investment. All network calls are to the stated `agenticstreet.ai` API or the optional `api.bankr.bot` for transaction submission, with clear warnings about trusting third-party services. The `ast-watcher.sh` script interacts with the local OpenClaw hook, sending only non-sensitive event counts and session keys, as explicitly documented. The `SKILL.md` and other documentation files contain numerous defensive instructions for the AI agent, such as 'NEVER send your API key to any domain other than `agenticstreet.ai`' and detailed 'Red Flag Patterns' for proposal monitoring, guiding the agent to identify and veto suspicious activities. There is no evidence of intentional data exfiltration, unauthorized remote control, persistence, or obfuscation designed to hide malicious behavior. The risks associated with DeFi and third-party services are transparently disclosed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe all trades can be reviewed and vetoed, when some trades can execute instantly and affect fund capital.

Why it was flagged

The top-level safety framing overstates LP veto/time-delay protections, while the detailed monitoring guide shows adapter trades can execute immediately without veto.

Skill content

SKILL.md: "Every trade is transparent, time-delayed, and vetoable"; monitoring.md: "Adapter proposals ... execute instantly. No veto window."

Recommendation

Clearly state in the main skill description that adapter trades are instant and non-vetoable, and require users to understand that limitation before depositing or managing funds.

What this means

If an agent or user invokes this script with a Bankr key, real USDC approvals and deposits can be submitted on-chain and may lock funds in a DeFi fund.

Why it was flagged

When BANKR_KEY is set, the script submits both approval and deposit transactions automatically using API-returned transaction data, with no interactive confirmation in the script.

Skill content

if [ -n "$BANKR_KEY" ]; then ... "Submitting USDC approval via Bankr..." ... "Submitting deposit via Bankr..."

Recommendation

Keep BANKR_KEY unset unless automatic submission is explicitly desired; add a human confirmation step, transaction preview, and amount limits before Bankr submission.

What this means

A failed local hook or network issue could cause proposal alerts to be acknowledged and not re-delivered, reducing the chance to veto a risky trade in time.

Why it was flagged

The hook delivery failure is swallowed with `|| true`, and the script then proceeds to acknowledge notifications, which can mark alerts as handled even if OpenClaw was not notified.

Skill content

curl ... "${HOOK_URL}/hooks/agent" ... || true ... curl ... "${API_URL}/notifications/ack" ...

Recommendation

Only acknowledge notifications after confirmed hook delivery, or keep failed deliveries pending for retry.

What this means

Leaking or overexposing these keys could let someone impersonate the agent, submit transactions through Bankr, or trigger local agent hooks.

Why it was flagged

The skill discloses credential use, but those credentials represent account identity, transaction submission authority, and local hook access.

Skill content

AST_API_KEY ... "API key for authenticated write endpoints"; BANKR_KEY ... "API key for automatic tx submission"; OPENCLAW_HOOK_TOKEN ... "Required if running ast-watcher.sh"

Recommendation

Use narrowly scoped keys where possible, store them securely, and only set BANKR_KEY or OPENCLAW_HOOK_TOKEN in environments that need them.

What this means

If installed in cron, the skill can continue waking the agent after the initial task, which may be surprising if the user expected only manual operation.

Why it was flagged

The watcher is a persistent, cron-oriented script that can wake the local agent when pending events are detected.

Skill content
# Runs via system crontab ... "wakeMode": "now", "deliver": true
Recommendation

Install the watcher only if ongoing monitoring is desired, document the cron entry, and remove or disable it when no longer needed.

What this means

A user following the manual install path relies on the remote files served at install time.

Why it was flagged

SKILL.md documents a user-directed remote curl installation path without integrity pinning; this is not automatic, but users should notice it.

Skill content

curl -s https://agenticstreet.ai/skill.md > ~/.agentic-street/skills/agentic-street/SKILL.md

Recommendation

Prefer the registry install path when possible, or verify the source and file contents before installing remote-downloaded skill files.