Giza
v1.0.2Autonomous DeFi yield management on Giza -- onboarding, portfolio reviews, withdrawals, rewards, and education. Connects to the Giza MCP server for autonomou...
⭐ 0· 156·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (DeFi yield management) matches the runtime instructions which route intents to giza_* MCP tools (portfolio, apr, withdraw, login, etc.). No unrelated binaries, environment variables, or config paths are requested.
Instruction Scope
SKILL.md specifies conversational behavior, routing to specific giza_* tools, an explicit auth flow, and an explicit confirmation flow for sensitive actions (withdrawals, deactivation). It does not instruct reading system files, extra env vars, or sending data to unexpected external endpoints in the provided content. The skill relies on platform tool calls (giza_*), which is consistent with its purpose.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials. This is proportionate because authentication is delegated to giza_login/giza_whoami tool flows described in SKILL.md. There are no unrelated credential requests in the instructions.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system presence. disable-model-invocation is false (normal). The skill does direct potentially destructive operations (withdrawals), but it requires explicit user confirmation before performing them.
Assessment
This skill appears internally consistent for a DeFi assistant, but exercising caution is warranted because it directs financial operations through external MCP tools you can't inspect here. Before installing: 1) Confirm you trust the Giza/MCP provider (no homepage or provenance is provided in the registry metadata). 2) Verify where giza_* tool calls are executed (which server / API) and review their privacy/audit documentation if available. 3) When using the skill, always read confirmation prompts carefully before approving withdrawals or deactivations and test with small amounts first. If you want higher assurance, ask the publisher for the MCP endpoint, the implementation of the giza_* tools, or an audit report; having those would raise confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk97exaev6z9bg9m1vfrp2gf9g58326t5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.