Lightspeed
v1.0.1Speed-CLI agentic skill hub: index to install, protocol, commands, scripts, building blocks, function builder, orchestration, identity/SANS, MCP, security, o...
⭐ 1· 76·0 current·0 all-time
byLightspeed@lightspeedfoundation
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a documentation/index hub for 'Speed-CLI' and related agentic skills. It declares no binaries, env vars, install steps, or credentials, which is coherent with an instruction-only README-style skill.
Instruction Scope
SKILL.md instructs agents to follow GitHub links, read per-skill docs, clone the speed-scripts repo, and run Speed-CLI commands such as `speed setup`, `speed start`, and `speed skill`. The doc itself does not instruct the agent to read or exfiltrate local secrets, but following the links may require running scripts or commands that use wallets, encrypted env, RPC endpoints, or private keys — those operations can have side effects and should be reviewed before execution.
Install Mechanism
No install specification is included in the skill package (instruction-only). The README mentions optional installs (e.g., an npm package) on the upstream project, which is a normal distribution method but would occur outside this skill and should be validated if chosen.
Credentials
The skill declares no required environment variables or credentials. However, the subject matter (MCP, keys, encrypted env, identity/SANS, wallets) implies that using the referenced tools will likely require wallet keys, RPC URLs, or other secrets. That is appropriate for the upstream tooling, but users should not provide such secrets to this skill itself without explicit need and verification.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level privileges or modify other skills' configs. Autonomous invocation is allowed (platform default) but that does not appear to create an outsized privilege in this case.
Assessment
This skill is documentation-only and appears to be what it says. Before following links or running commands from the referenced repos: 1) Inspect the upstream GitHub repo and any scripts you plan to run; don't blindly execute clone + install + run sequences. 2) Never paste private keys/seed phrases into prompts; if you need to test, use a throwaway account or minimal-funds wallet. 3) If you install the CLI (e.g., via npm), verify the package name, version, and source and consider installing in an isolated environment. 4) Be cautious with any steps that mention encrypted env, key management, or MCP — those legitimately need secrets, but you should supply them only to trusted, audited tools. If you want, I can fetch and summarize the linked skill pages so you can review commands and required envs before running anything.Like a lobster shell, security has layers — review code before you run it.
latestvk974ytr15fcz8m22nvmph02yvd83jvhf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.