ClawHub

DefiLlama Pro OpenAPI Skill

v1.0.0

Operate DefiLlama Pro analytics APIs through UXC with a curated OpenAPI schema, path-templated API-key auth, and read-first guardrails.

0· 120·1 current·1 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, OpenAPI schema, usage examples, and agent prompt all consistently describe read-only DefiLlama Pro API access via the uxc CLI. The included schema contains the documented read endpoints referenced in SKILL.md.
Instruction Scope
SKILL.md stays on scope: it requires uxc, the curated OpenAPI schema, network access to pro-api.llama.fi and a DefiLlama Pro API key, and gives explicit read-first guardrails. It does not instruct reading unrelated host files or sending data to unexpected endpoints. It explicitly warns about the API key appearing in request paths and daemon logs.
Install Mechanism
This is an instruction-only skill with no install spec. The only executable file is a local validation script (scripts/validate.sh) that requires jq and rg for developer-side checks; nothing is downloaded or written at install time.
Credentials
The skill does not declare required env vars in registry metadata, but SKILL.md instructs configuring a credential that uses DEFILLAMA_PRO_API_KEY via uxc. Requesting a single API key for the Pro host is proportional, but the metadata omission (no required env / primary credential) is a mild inconsistency the user should be aware of.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system-wide privileges, nor does it modify other skills. Model invocation is allowed (platform default), which is expected for utility skills.
Assessment
This skill appears to do what it says: provide read-only access to DefiLlama Pro via the uxc CLI and a curated OpenAPI schema. Before installing: (1) confirm you have and trust uxc and that the schema URL (raw.githubusercontent.com/holon-run/...) is the intended source, (2) do not paste your API key on the command line or into chat—use uxc's secret handling as instructed (DEFILLAMA_PRO_API_KEY), (3) be aware the API key is placed in the request path and can appear in uxc daemon logs (~/.uxc/daemon/daemon.log); sanitize or rotate keys if you inspect logs, and (4) if you want to limit autonomous behavior, consider disabling autonomous invocation for this skill in your agent policy. The only minor inconsistency: the registry metadata does not list the DEFILLAMA_PRO_API_KEY requirement even though the docs show it—make sure you supply a Pro API key through uxc before using the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d9012vpar645cdn7ff735sn83242c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments