Lista

Review

Audited by ClawScan on May 10, 2026.

Overview

The read-only Lista reporting functions mostly match the stated purpose, but the skill promises future Telegram/Discord alerts or subscriptions without any provided scheduling or channel-integration mechanism.

Use this skill for read-only Lista reports only if you are comfortable sending wallet addresses to Lista MCP/API services. Verify any Telegram/Discord alert or digest subscription outside the skill before relying on it, and review saved risk thresholds under ~/.lista if liquidation warnings matter to you.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could believe liquidation alerts are active and rely on them, even though the reviewed artifacts only show a confirmation message.

Why it was flagged

The provided artifacts do not include a scheduler, notification service, Telegram/Discord credentials, webhook setup, or install mechanism that would actually deliver these future alerts.

Skill content

Done. Alerts will be sent via [channel] when any position crosses the threshold.

Recommendation

Do not promise automated alerts unless the skill implements and declares the notification mechanism; otherwise change the flow to say alerts require separate platform setup and user verification.

What this means

The agent may execute local read-only commands and contact Lista APIs to generate reports.

Why it was flagged

The skill may run local Node.js or curl fallback commands, but these are disclosed and scoped to read-only Lista data retrieval.

Skill content

moolah.js (Node.js, no install needed): `node skills/lista/scripts/moolah.js [--chain bsc|eth] <command>` ... REST API (curl): `curl -s "https://api.lista.org/api/moolah/<endpoint>"`

Recommendation

Keep command arguments limited to normal wallet addresses, chains, and token symbols, and avoid treating these report commands as transaction-execution tools.

What this means

Wallet addresses and associated lending-position queries may be visible to Lista's MCP/API services.

Why it was flagged

The skill uses an external Lista MCP/provider path for wallet position and market data. This is expected for the integration, but it means wallet-related queries are sent to that provider.

Skill content

MCP tools (preferred): `lista_get_position`, `lista_get_borrow_markets`, `lista_get_lending_vaults`, ... Optional: ... `https://mcp.lista.org/mcp`

Recommendation

Use this skill only for wallet addresses you are comfortable querying through Lista's remote services; no private keys or signing credentials should be provided.

What this means

Future reports may warn more or less aggressively depending on saved local threshold settings.

Why it was flagged

Risk thresholds persist locally and are reused across future reports, so incorrect or unexpected values can change liquidation-risk classifications.

Skill content

Persistent config file — `~/.lista/thresholds.json` ... Before computing risk levels, always check if this file exists. If it does, use its values.

Recommendation

Review threshold values before relying on risk alerts, and use the documented reset/default flow if the saved configuration is unexpected.