DeFi Research
ReviewAudited by ClawScan on May 17, 2026.
Overview
This is a coherent DeFi lookup skill, but it tells wallet-enabled agents to make crypto payments without explicit approval or spending-limit safeguards.
Review this skill carefully before installing. If you use it, require manual approval for every payment, set a small wallet budget, verify the USDC address and API provider, and avoid sharing broad credentials or wallet permissions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wallet-enabled agent could spend the user's USDC to use the API, and crypto transfers are usually irreversible.
This directly instructs the agent to perform crypto payments as part of using the skill, but the artifact does not define user approval requirements, spending limits, or safeguards for repeated calls.
Option B — Pay-per-call with USDC: No account needed. Send exact USDC on Base to 0xC9D03C8Af4Bd51e0aDc9fc885AB227cbe6B649F5, then retry with tx_hash.
Only use this skill with explicit per-payment approval, a strict budget cap, and verification of the destination address and amount before any transaction.
Using a real API key or wallet may expose account access or funds if the provider or destination is not trusted.
API keys and wallet access are expected for this paid DeFi API, but they are sensitive authorities and should be scoped to this service only.
Send api_key with each request. ... Works with any web-connected OpenClaw agent with crypto wallet support.
Use a dedicated low-balance wallet and a limited API key; never provide seed phrases or broad wallet permissions.
Users may have difficulty confirming who operates the API before sending funds or API credentials.
The provided artifacts do not identify an external source or homepage for the paid API service, which makes independent provider verification harder.
Source: unknown; Homepage: none
Verify the provider, API base URL, pricing, and payment address out of band before installing or using the skill.