ClawHub

Token Vesting

v1.0.2

Create and manage token vesting streams using the Sablier Lockup protocol (linear, dynamic, tranched).

0· 825·0 current·0 all-time
by@sneg55
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is for creating/managing Sablier vesting streams on EVM chains. Requiring an RPC URL, a signing credential (ETH_PRIVATE_KEY) and EVM tooling (cast/forge) is appropriate and expected.
Instruction Scope
SKILL.md stays on-topic (deploying/creating/managing streams) and includes clear rules to avoid leaking private keys. It shows examples using environment variables and Foundry keystore/hardware wallets. Note: the examples include exporting ETH_PRIVATE_KEY in a shell (acceptable for short-lived/test use) — users should prefer hardware wallets or encrypted keystores for mainnet.
Install Mechanism
No install spec (instruction-only), so nothing is downloaded or written by the skill itself — lower risk. The skill assumes the platform already has cast/forge available.
Credentials
Only ETH_RPC_URL and ETH_PRIVATE_KEY are required (primary credential ETH_PRIVATE_KEY). These are proportionate and necessary for signing and broadcasting transactions. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not configured as always-on and has disable-model-invocation=true, reducing autonomous invocation risk. It does not request system-wide config changes or other skills' credentials.
Assessment
This skill appears internally consistent, but follow best practices before using it: (1) Never paste private keys into chat. Prefer a hardware wallet or an encrypted Foundry keystore for mainnet signing. (2) If you must use an environment variable, keep keys in ephemeral shells and rotate them after use. (3) Verify the target Sablier contract addresses and recipient addresses before sending funds; test on a testnet first. (4) Ensure your ETH_RPC_URL points to a trusted provider (avoid pasting provider API keys into public contexts). Installing this instruction-only skill does not add binaries to your system, but any transaction you sign will move real tokens — proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.

arbitrumvk978wrdgg0v66bxrj3e15a7hax80wmvqbasevk978wrdgg0v66bxrj3e15a7hax80wmvqethereumvk978wrdgg0v66bxrj3e15a7hax80wmvqlatestvk9721tsft6e6aaxndkg4wyc3k580wreyonchainvk978wrdgg0v66bxrj3e15a7hax80wmvqtokensvk978wrdgg0v66bxrj3e15a7hax80wmvqvestingvk978wrdgg0v66bxrj3e15a7hax80wmvq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Any bincast, forge
EnvETH_RPC_URL
Primary envETH_PRIVATE_KEY

Comments