31Third Safe Rebalancer (Simple)
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is advertised as a Safe rebalancer, but it can use an executor private key to submit real on-chain trades, while the registry metadata declares neither those credentials nor the approval boundaries around them.
Only use this skill if you understand that `rebalance_now` can submit real Safe trades. Use a dedicated executor wallet, never use or expose the Safe owner private key, review the transaction details before execution, and inspect the Node package source before installing it or setting wallet environment variables.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: An installed agent could submit a rebalance transaction that changes the Safe's token positions; unintended invocation or bad inputs could cause financial loss within the deployed policy limits.
Description: The primary tool is documented to calculate and submit an on-chain transaction, but the artifacts do not show a required human review, transaction preview, or dry-run gate before submission.
Evidence: Best practice: use only one command / one tool: `rebalance_now` ... Executes via SDK `executeRebalancing(...)` using ethers wallet signer. Waits for confirmation and returns tx hash.
Recommendation: Require explicit per-transaction approval, show assets, amounts, and slippage before signing, and disable autonomous invocation for live rebalances unless the user confirms.
Finding 2
Impact: Users may install the skill without realizing it needs a private key capable of delegated Safe execution and an API key, increasing the risk of accidental exposure or misuse.
Description: The registry metadata under-declares the sensitive credentials that SKILL.md says are required, including a private key used by the skill.
Evidence: metadata: "Required env vars: none" / "Primary credential: none"; SKILL.md: "EXECUTOR_WALLET_PRIVATE_KEY=0x..." and "TOT_API_KEY=your_31third_api_key"
Recommendation: Declare the executor private key and API key in the metadata, state the exact authority the executor key has, and advise users to use a dedicated, restricted executor key rather than any Safe owner key.
Finding 3
Impact: Users may run local package code from an unknown source before using a high-value wallet workflow.
Description: The local Node setup is purpose-aligned, but its provenance and installation are less transparent than the registry metadata suggests.
Evidence: Source: unknown ... No install spec — this is an instruction-only skill. SKILL.md: `npm install` and `npm run build`
Recommendation: Review package.json/package-lock and the source code before installing, and run the setup in a clean environment before adding wallet-related environment variables.
