ClawHub

DefiLlama OpenAPI Skill

v1.0.0

Operate DefiLlama public analytics APIs through UXC with a curated OpenAPI schema and read-first guardrails.

0· 137·2 current·2 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, OpenAPI schema, and runtime instructions are aligned: it only exposes a small read-only subset of DefiLlama (protocols, per-protocol, chains). One minor mismatch: the SKILL.md requires the 'uxc' CLI to be present and network access to api.llama.fi, but the registry metadata lists no required binaries — the skill will fail at runtime if 'uxc' is absent. This is an operational omission rather than a security mismatch.
Instruction Scope
SKILL.md limits actions to inspecting and calling three GET operations via a uxc-backed CLI, instructs to use JSON output only, and explicitly excludes write/admin operations and other hosts. It does not instruct reading unrelated files or environment variables. The included validate script is a local sanity check and not executed by the skill at runtime.
Install Mechanism
No install spec is provided (instruction-only skill), so nothing is written to disk by the skill itself. The only network fetch called out is the curated OpenAPI schema on raw.githubusercontent.com (a well-known host). There is no download-from-arbitrary-server install behavior.
Credentials
The skill requests no environment variables or credentials and explicitly states it is public and read-only. The included files and scripts do not reference secrets or unrelated credential stores.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent config, and is user-invocable only. Autonomous model invocation is allowed (platform default) but the skill's scope is read-only which limits risk.
Assessment
This skill appears coherent and read-only, but check these before installing: ensure you trust the 'uxc' tool (SKILL.md requires it) and understand what 'uxc link' will do in your environment; confirm you are comfortable allowing network access to https://api.llama.fi and that fetching the curated OpenAPI schema from raw.githubusercontent.com is acceptable; verify the included local schema (references/defillama-public.openapi.json) and that it points only to api.llama.fi (it does); validate that you don't need DefiLlama Pro or other hosts (the skill deliberately avoids them). The validate.sh script requires jq and ripgrep (rg) for local validation only — these are not credentials but are runtime requirements for maintainers. If you rely on autonomous agent invocation, remember this skill can be invoked by agents (platform default), but its read-only scope keeps privilege limited.

Like a lobster shell, security has layers — review code before you run it.

latestvk9768cgyqe1jh910xb4rsgtfah833v56

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments