Orderly Onboarding

v1.0.0

Agent onboarding for Orderly Network - omnichain perpetual futures infrastructure, MCP server, skills, and developer quickstart

⭐ 0· 190·0 current·0 all-time

byMario Reder@tarnadas

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name and description match the instructions: the SKILL.md focuses on onboarding, documentation search, SDK patterns, and installing an MCP server for Orderly development. Requested actions (adding client configs, running an MCP server via npx) align with an onboarding/dev tooling purpose.

ℹ

Instruction Scope

Instructions tell the user/agent to run 'npx @orderly.network/mcp-server' and to add local client configuration files (.mcp.json, .cursor/mcp.json, .vscode/mcp.json, ~/.codex/config.toml, etc.). They do not request unrelated credentials or system-level secrets. Running remote packages and writing local config files is within scope for a dev onboarding skill, but it will execute code fetched from the npm registry.

Install Mechanism

There is no formal install spec in the registry; the SKILL.md recommends using npx to fetch and run @orderly.network/mcp-server@latest. npx runs remote code from the npm registry at runtime — this is a common development pattern but carries risk because arbitrary code will be downloaded and executed. No package homepage or source is provided in the skill metadata, so the provenance of the npm package is not verifiable from this skill bundle alone.

✓

Credentials

The skill declares no required environment variables, no primary credential, and no required config paths. The instructions ask only for adding client configuration files in user or project directories, which is reasonable for an onboarding tool.

✓

Persistence & Privilege

The skill is instruction-only, has always:false, and does not request persistent system privileges. It instructs adding local config entries to enable an MCP server for an AI client, which is expected behavior for an onboarding/developer helper.

Assessment

This skill appears internally coherent for Orderly developer onboarding, but it tells you to run an npm package with npx (which will download and execute remote code). Before installing or running it: 1) verify the @orderly.network/mcp-server package on the npm registry and check its maintainer and repository; 2) inspect the package source (or pin a known-good version) rather than running @latest; 3) run it in an isolated/dev environment (container or VM) if you are unsure; 4) prefer installing from a verified project homepage or GitHub release when available. No credentials are requested by the skill itself, which reduces immediate exfiltration risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk973wqq00kt2k5pca89zyfr0qx82dfv0

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Orderly Onboarding

License

Comments