ClawHub

Liquidity Monitor

v1.0.0

DeFi liquidity analysis reference — AMM mechanics, Uniswap V2/V3 math, Curve StableSwap, impermanent loss calculation, and MEV protection strategies

0· 27·0 current·0 all-time
by@loutai0307-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (DeFi liquidity reference) match the delivered artifacts: SKILL.md documents commands that emit reference text and the included scripts/script.sh contains matching heredoc content. There are no unexpected credentials, binaries, or external dependencies declared.
Instruction Scope
SKILL.md explicitly states outputs are plain-text via heredoc and no external API calls are required. The provided script defines cmd_* functions that produce static documentation via heredocs and does not reference files, env vars, or network endpoints in the visible portions.
Install Mechanism
No install spec is provided (instruction-only). There are no downloads, package installs, or archive extraction steps — the only shipped code is the local script.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not attempt to access any secrets. References to external tools/websites are purely informational.
Persistence & Privilege
Skill is not always-enabled and uses normal model invocation. It does not request elevated persistence or modify other skills/configurations.
Assessment
This appears to be a purely offline reference skill that outputs static DeFi documentation. Before installing: (1) inspect the full scripts/script.sh file yourself (search for network-related commands like curl, wget, nc, ssh, python -c, or base64 decode + exec) — the prompt showed the file truncated, so verify the tail for hidden behavior; (2) if you allow autonomous agent invocation on your platform, be aware that a malicious skill with network access could exfiltrate data—this skill does not request credentials, but confirm the runtime environment prohibits outbound network if that is a concern; (3) if you only need the reference content, consider running the script in a sandboxed environment first. Overall, the components are coherent with the stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk971zzpv1yhrtpv6rar9qmgg99849b86

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments