ClawHub

Clicks Protocol

v1.1.0

Integrate autonomous USDC yield into AI agent projects on Base. Query live APY, inspect agent treasury state, simulate payment splits, use the MCP server, an...

0· 156·0 current·0 all-time
by@protogenosone
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (DeFi yield and agent treasury tooling on Base) match the included files: SKILL.md describes read/write flows and the script performs read-only JSON-RPC calls to the Clicks MCP server. Required binaries (curl, jq) are appropriate for the provided shell tool.
Instruction Scope
Runtime instructions and the script are limited to querying an external MCP HTTP endpoint with agent addresses and amounts. The SKILL.md documents write flows via an SDK and a local MCP server that would require a signer/private key — those are documented as developer actions, not performed by the included script. No instructions ask the agent to read unrelated local files, system secrets, or unlisted environment variables.
Install Mechanism
No install spec; this is instruction-only plus a small shell script. No downloads or archive extraction are included by the skill itself (lowest-risk install footprint).
Credentials
Skill declares no required environment variables or credentials. The README warns that write operations need a signer/private key if you run a local mcp-server — that is a legitimate requirement for on‑chain writes and is not requested by the skill itself.
Persistence & Privilege
Skill does not request always:true and is user-invocable only. Default autonomous invocation is allowed (platform default) and is not combined with broad credential access or other concerning privileges.
Assessment
This skill queries a third‑party MCP server (https://mcp.clicksprotocol.xyz) and will send agent addresses and amounts to that endpoint — that is necessary for its functionality. Before using it: (1) verify you trust the external MCP endpoint and the Clicks team; (2) do not send private keys or wallet seed phrases to remote services; write operations require a signer/private key and should be run locally or with a trusted provider; (3) audit the referenced SDK (npm/@clicks-protocol/sdk) and mcp-server packages before installing or running them; (4) confirm the contract addresses on Basescan if you plan to interact on-chain. If you only need read-only info, the included script is read-only and consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

agentvk974ky7zf8h944d278m08a91cn83na6jbasevk974ky7zf8h944d278m08a91cn83na6jcryptovk974ky7zf8h944d278m08a91cn83na6jdefivk974ky7zf8h944d278m08a91cn83na6jlatestvk9762dqwggrzq3t3gqd7ds9xbd843r7zmcpvk974ky7zf8h944d278m08a91cn83na6jtreasuryvk974ky7zf8h944d278m08a91cn83na6jusdcvk974ky7zf8h944d278m08a91cn83na6jyieldvk974ky7zf8h944d278m08a91cn83na6j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSLinux · macOS · Windows
Binscurl, jq

Comments