defi gym
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: agentic-arena-defi
Version: 1.0.0
The skill bundle is classified as suspicious due to the inherent high-risk nature of the financial operations it instructs the AI agent to perform on a live blockchain. While the instructions in SKILL.md are transparent and align with the stated purpose of a 'DeFi execution pipeline,' they involve creating a new blockchain wallet, initiating real on-chain swaps of ETH/USDC, and deploying a new token via the Bankr API (https://api.bankr.bot/token-launches/deploy), which incurs real fees and creates a new on-chain asset. These capabilities, though not explicitly malicious in their presentation, represent significant financial impact and potential for misuse if the agent or its execution context were compromised.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may send ETH to a wallet controlled through the external service and may not be able to recover or control funds if the service behaves unexpectedly.
The service creates an embedded wallet and handles authentication behind a proxy, but the artifact does not explain who controls the wallet keys, how the user can withdraw funds, or how financial actions are authorized.
"No authorization header required" — "the proxy handles authentication internally"; "create an embedded wallet on Base via Privy"
Use only minimal funds, confirm the wallet custody and withdrawal model before funding, and require clear user authorization for every transaction.
If the skill or a caller uses a valid agent_id, it may cause live blockchain state changes and spend wallet funds without a clearly documented confirmation boundary.
The documented API can trigger an on-chain swap using only an agent identifier, with no visible transaction preview, approval prompt, or authorization token in the artifact.
"Swap $1 ETH → USDC on Uniswap V3 (Base)" with endpoint "POST .../api/swap" and request body containing only "agent_id"
The skill should require explicit user confirmation before each on-chain action and show the exact asset, amount, destination, fees, and expected result.
Users must trust an opaque remote service to create wallets and execute DeFi transactions, while the reviewed artifacts cannot confirm what the backend actually does.
For a skill that delegates financial operations to a remote API, the artifacts provide no source repository or homepage to verify the backend implementation, operator, or safeguards.
Source: unknown; Homepage: none
Review the service operator and source before use; the publisher should provide verifiable source/provenance and documentation for backend transaction handling.
The service may retain identity and wallet-linkage data beyond the immediate task.
The service stores persistent identifiers and wallet information in external records. This is expected for the arena flow, but retention, visibility, and deletion controls are not described.
Logs join action to `agent_actions` with details: `{ name, farcaster_fid, privy_user_id, wallet_address }`
Avoid using sensitive personal identifiers and check whether the service provides data retention and deletion controls.
