ClawHub

stable-layer-sdk

v1.0.0

A TypeScript SDK for interacting with Stable Layer on Sui blockchain, supporting minting, burning stablecoins, claiming yield rewards, and querying supply.

0· 674·0 current·0 all-time
byk66 (Lana Chen)@k66inthesky
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The instructions describe a Stable Layer TypeScript SDK (mint/burn/claim/query) which is a coherent purpose for this skill. However, the skill bundle contains only documentation (SKILL.md, README) and no SDK code or link to a homepage/repository. That may be ok for an instruction-only skill that documents a third‑party npm package, but the absence of package provenance (no homepage, source unknown) is notable.
Instruction Scope
SKILL.md stays within the expected scope (install via npm, construct Sui transactions, sign & submit). It references use of a private key (Ed25519Keypair.fromSecretKey(YOUR_PRIVATE_KEY)) and signing operations, but it does not instruct the agent to read any system files or env variables. The documentation does assume the user will provide secret keys locally, which is expected for a wallet SDK but is not declared in the skill metadata.
Install Mechanism
No install spec is embedded in the skill (instruction-only), and it simply recommends running npm install stable-layer-sdk. Using npm is expected for a TypeScript SDK, but because the bundle provides no repository/homepage and the package author/source is unknown, you should verify the npm package's origin before installing.
!
Credentials
The skill declares no required environment variables or primary credential, yet the examples require a user's private key for signing transactions. That mismatch (no declared credential while examples expect private key material) could lead users to paste secrets into an agent or into code without clear guidance. The skill does not explicitly request or show safe handling of private keys (e.g., using a hardware wallet or an environment variable).
Persistence & Privilege
The skill is not always-enabled and is user-invocable with normal model-invocation allowed. It does not request persistent system privileges or try to modify other skills or system configuration. No elevated persistence concerns detected.
What to consider before installing
This bundle is documentation-only for a Stable Layer SDK but contains no code or repository link. Before installing or using anything: 1) Verify the npm package 'stable-layer-sdk' exists and inspect its npm/GitHub source and recent releases; do not install packages from unknown authors. 2) Never paste your private key into a chat or into untrusted code; prefer a hardware wallet or environment-managed signing. 3) If you intend to use this with an AI agent, ensure the agent is not given secret keys directly and confirm where signing happens (locally, a secure enclave, or a remote node). 4) Ask the publisher for the package homepage/repo and a checksum or release artifacts; if none are provided, treat this package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97367r18tr746wzhqpp02er6h811b36

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments