Aegis Intel Stack
v0.1.0Provides micro-skills for pre/post execution analysis and triggers for manifest and delta re-buy in EVM gas and transaction management.
⭐ 0· 396·0 current·0 all-time
byHanjinu@kankinku
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name and description claim EVM micro-skills (health_ping, gas_snapshot, tx_explain, intel_manifest, intel_delta_update) but the package contains no code or assets implementing them. The SKILL.md assumes a local repository named 'aegis-suite' and build artifacts (apps/utility-seller/dist/dev_server.js). Requiring the consumer to provide a separate repo without documenting it is inconsistent with the skill's advertised capability.
Instruction Scope
Runtime instructions tell the operator to run 'npm install', copy an .env.example into an .env, run builds and start a local node dev server, and invoke endpoints on localhost. Those steps execute third-party code and start networked services not included in the skill bundle. The SKILL.md references filesystem paths and environment usage that are not declared, giving the agent broad discretion to run arbitrary code from npm.
Install Mechanism
There is no install spec in the skill bundle (instruction-only), which is low-risk in isolation. However the instructions require running 'npm install' which fetches and executes remote packages and scripts from the npm registry—this is moderate-risk behavior if you run it without auditing package.json and lockfiles.
Credentials
The SKILL.md instructs copying apps/utility-seller/.env.example to .env but the skill declares no required environment variables or primary credential. That suggests the runtime actually expects environment configuration (potentially secrets) that are not declared or explained—an inconsistency that could hide unexpected credential use.
Persistence & Privilege
The skill does not request always:true and does not declare elevated privileges. However the instructions start a local dev server (node .../dev_server.js) which is persistent while running; this is a runtime behavior mismatch (skill doesn't request persistent presence but instructs launching a long-lived service).
What to consider before installing
Do not run the npm install/build/start steps until you have the actual source to inspect. The SKILL.md expects a separate 'aegis-suite' repo and will fetch npm packages and run code from them—this can execute arbitrary scripts and network requests. Before installing or executing: 1) Obtain the repository or package files referenced by SKILL.md (aegis-suite) and review package.json, package-lock.json/yarn.lock, and apps/utility-seller/dist/dev_server.js. 2) Inspect apps/utility-seller/.env.example to see what environment variables or secrets are expected. 3) If you must run it, do so in an isolated sandbox or VM with no access to sensitive networks/credentials and with network egress restricted. 4) Ask the publisher for source code, a homepage/repo URL, a manifest of dependencies, and an explicit list of required environment variables and their purpose. If you cannot review the code and dependency graph, treat this skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latest
Aegis Intel Stack (Utility)
This skill bundle provides a reference implementation + packaging for the MVP offerings:
health_pinggas_snapshottx_explainintel_manifestintel_delta_update
Local run
cd aegis-suite
npm install
cp apps/utility-seller/.env.example apps/utility-seller/.env
npm run build
node apps/utility-seller/dist/dev_server.js
Call examples
curl -s localhost:8787/call/health_ping -X POST -H 'content-type: application/json' -d '{"message":"hi"}'
curl -s localhost:8787/call/gas_snapshot -X POST -H 'content-type: application/json' -d '{"chain":"base","urgency":"standard","gas_units":150000}'
Launch automation (docs generation)
cd aegis-suite
npm run launch:profile
npm run launch:changelog
npm run launch:metrics
Outputs:
apps/launch-agent/docs/publish_profile.mdapps/launch-agent/docs/CHANGELOG.mdapps/launch-agent/docs/metrics_report.md
Comments
Loading comments...