Dex Aggregator
Aggregate DEX prices and DeFi protocol data using DeFiLlama API. Use when comparing token prices. Requires curl.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 259 · 1 current installs · 1 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the behavior: the scripts query DeFiLlama, CoinGecko, Dexscreener and similar public APIs to aggregate prices and protocol data. However the SKILL.md claims "Requires curl" while the packaged scripts also call python3 and use urllib/urlopen; that dependency is not declared. Also the two scripts use different data directories (~/.local/share/dex-aggregator vs ~/.dex-aggregator), which is inconsistent.
Instruction Scope
Runtime instructions run the included shell/Python scripts which make outbound HTTP requests to public DeFi APIs and create/read small local files (watchlist) in the user's home directory. The scripts do not attempt to read other system files or require external credentials. However the provided dex.sh content is truncated in the review ("…[truncated]") so parts of its behavior could not be inspected; that missing portion reduces confidence.
Install Mechanism
There is no install spec and no remote downloads; this is an instruction-only skill with bundled scripts. That is lower risk than a skill that downloads and executes remote archives.
Credentials
The skill requests no credentials or environment variables (other than relying on HOME implicitly). This is proportionate. Minor issue: SKILL.md and tips reference API keys and 'Requires curl' but the code uses python3 urllib for many calls; missing declaration of python3 as required is a mismatch but not credential-excessive.
Persistence & Privilege
always:false and user-invocable — normal. The scripts write small files under the user's home (watchlist and a data directory) but do not modify other skills or system configuration. The inconsistency in data directory paths across files could cause multiple directories to be created.
What to consider before installing
This skill mostly does what it says (queries public DeFi/APIs and stores a small watchlist locally), but review before installing: 1) Inspect the full scripts/dex.sh file — the provided content here was truncated, so confirm there are no hidden network endpoints or unexpected file reads. 2) Note the inconsistency: one script uses ~/.local/share/dex-aggregator while the other uses ~/.dex-aggregator — decide which you prefer and adjust. 3) The code has quoting/bug issues (single-quoted curl URL prevents variable expansion, echo messages use single quotes so variables won't expand) — these are functional bugs, not proof of malice, but they could produce surprising output. 4) The skill requires network access (calls CoinGecko, Dexscreener, DeFiLlama, etc.); run in a sandbox or inspect traffic if you need to restrict endpoints. 5) No credentials are requested, but if you plan to add API keys as hinted in tips.md, keep them out of untrusted skills. If you don't want scripts writing to your home, don't install. If you want to proceed, ask the author for a corrected release (consistent paths, declared python3 dependency, fixed quoting) or run the scripts manually in a controlled environment first.Like a lobster shell, security has layers — review code before you run it.
Current versionv3.0.0
Download zipchineselatestproductivity
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
dex-aggregator
Aggregate DEX prices and DeFi protocol data using DeFiLlama API. Use when comparing token prices. Requires curl.
Commands
tvl
scripts/script.sh tvl <protocol>
protocols
scripts/script.sh protocols
trending
scripts/script.sh trending
gas
scripts/script.sh gas
watchlist
scripts/script.sh watchlist
add-watch
scripts/script.sh add-watch <token>
Data Storage
Data stored in ~/.local/share/dex-aggregator/.
Powered by BytesAgain | bytesagain.com | hello@bytesagain.com
Files
4 totalSelect a file
Select a file to preview.
Comments
Loading comments…