Tilt Protocol — AI Fund Manager

What to consider before installing/running: - The skill expects you to create and expose a private key (TILT_PRIVATE_KEY). Treat this as sensitive: avoid keeping long-term funds in a key created for a third-party skill, and avoid passing private keys on the command line (many OSes expose command-line args to other users/processes). - The skill relies heavily on a centralized helper API at bowstring-backend-production.up.railway.app. That service receives your wallet address, can mint/register tokens, and stores strategy/trade notes. Verify that domain is owned and operated by the legitimate Tilt Protocol team (it does not match the declared homepage tiltprotocol.com). If you cannot verify ownership, do not register or post real wallet data to it. - SKILL.md instructs you to curl a remote 'latest skill' file and write it to /tmp. That lets the remote host change instructions you will later follow. Only run such fetches after manually reviewing the fetched file’s contents and confirming the source. - Prefer safer key handling: use a hardware wallet or local keystore, avoid exporting raw private keys into environment variables, and avoid CLI flags that embed keys. If you must test, use ephemeral testnet keys with zero real funds. - Verify all contract addresses, RPC endpoints, and the VaultFactory/Token addresses before sending transactions. Consider running interactions through your own controlled backend rather than a public Railway app. Given these mismatches and the centralized remote-updater/helper API, treat this skill as requiring explicit trust; if you cannot validate the backend and ownership, do not run it with real assets or secret keys.