web3-protocol-gtm
v0.2.1Go-to-market strategy for web3 builders - protocols, products, services, and solo founders. Use when planning growth for a crypto protocol, building develope...
⭐ 0· 35·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and large SKILL.md content all align: the package is a GTM/playbook for web3 protocols, developer relations, CT, hackathons, token launches, etc. There are no unrelated requirements (no binaries, env vars, or install steps) that contradict the stated purpose.
Instruction Scope
The SKILL.md is lengthy and practical; it stays on-topic. However it explicitly describes 'agentic' behaviors (monitor GitHub, follow up automatically, send outreach/DMs, trigger workshops, post on CT/X) — the document encourages networked automation and outbound actions. The skill itself does not include code to perform those actions, but an agent using this content could be instructed to perform sensitive network operations if given permissions.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute; lowest installation risk—nothing is downloaded or written by an installer.
Credentials
The skill requests no environment variables or credentials. That said, many recommended operations (posting on X, sending DMs, monitoring Discord/Telegram/GitHub, submitting grant apps, using Stripe/x402) typically require API keys or tokens in practice. If you enable automation, the agent may ask for or attempt to use such credentials—be cautious about scope and which secrets you provide.
Persistence & Privilege
always:false and no install means it will not persistently modify agent settings. Nevertheless, the playbook promotes autonomous agent workflows (Agentic DevRel, automated outreach). If the agent platform grants this skill (or the agent) outbound network privileges or API credentials, it could act autonomously in ways that impact accounts or reputation—exercise human-in-the-loop controls.
Assessment
This skill appears to be what it says: a web3 GTM playbook and reference library. It does not itself request credentials or install code. Before enabling any automation suggested by the playbook, decide how much outbound action you want an agent to take. Do not provide high-privilege API keys (social media posting tokens, full GitHub write keys, Stripe full-access keys) unless absolutely necessary. If you must supply tokens, use limited-scope tokens or dedicated service accounts, enable rate limits and monitoring, and require human approval for mass outreach or posting. Consider running any automated monitoring or outreach in a sandbox or read-only mode first. Finally, confirm compliance with platform terms (X/Twitter, Discord, Telegram, grant programs) before automating actions that send messages or submit applications.Like a lobster shell, security has layers — review code before you run it.
latestvk977rtnpp4q4pvj1redpf0sgj9845yc5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.