ClawHub

stablecoin-depeg-scanner

v1.0.0

Evaluate stablecoin depeg events for crisis arbitrage opportunities. Use when a user mentions a stablecoin crash, depeg, exploit, hack, or asks whether to bu...

0· 81·0 current·0 all-time
by@june-kris
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the skill fetches price and TVL from CoinGecko and DefiLlama, scores the event, and asks the agent to do targeted web searches. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md instructs running the included Python script and using web_search to confirm exploit/team signals (PeckShield/SlowMist/Twitter). This is expected for the stated purpose. Note: it requires the agent to resolve and run the script from SKILL_DIR (i.e., the agent needs filesystem and network access to execute the script and perform web searches). The instructions do not ask the agent to read unrelated system files or exfiltrate secrets.
Install Mechanism
No install spec is provided (instruction-only + included script). Nothing is downloaded at install time, so there is no install-time network pull to scrutinize.
Credentials
The skill requires no environment variables, credentials, or config paths. The script makes unauthenticated calls to public APIs (CoinGecko, DefiLlama), which is appropriate for this task.
Persistence & Privilege
The skill is not forced-always and does not request elevated or persistent privileges. It does not modify other skills or system configuration.
Assessment
This skill appears internally consistent with its purpose: it calculates quick heuristics using public CoinGecko and DefiLlama data and asks you (or the agent) to manually confirm exploit/team signals via web searches. Before installing or running: 1) remember this is trading guidance, not financial advice — the tool favors fast, small, high-risk bets; only use capital you can afford to lose; 2) running the script requires the agent to execute code and make outbound HTTP requests — if you run it in a multi-tenant or sensitive environment, run it in a sandboxed environment instead; 3) the SKILL.md expects the agent to access SKILL_DIR and the filesystem to run the script — ensure the agent's filesystem access is limited to the skill directory; 4) the script uses public APIs (CoinGecko/DefiLlama) — check rate limits and API reliability for production use; and 5) if you want extra assurance, review the full, untruncated depeg_eval.py file locally (search for any hidden endpoints, logging of environment variables, or unexpected network calls) before using the tool for real trades.

Like a lobster shell, security has layers — review code before you run it.

latestvk97epzs8xmexe86x607hdn01g183d275

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments