ClawHub

Arcadia Finance

v1.0.5

DeFi liquidity management on Uniswap and Aerodrome, live on Base and Unichain. Deploy LP positions with automated rebalancing, compounding, yield optimizatio...

2· 130·0 current·0 all-time
by@thomas-smets
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (DeFi liquidity management) match the included files: a CLI script, contract addresses, and signing guidance. Required binaries (curl, jq) and no required env vars are appropriate for a simple HTTP-based CLI.
Instruction Scope
SKILL.md confines operations to calling the MCP API and working with public addresses/tx parameters. It explicitly returns unsigned transactions and warns not to pass private keys. The runtime script only reads ARCADIA_MCP_URL (optional), validates JSON args, and posts to the MCP endpoint — no filesystem or secret access beyond a temporary headers file.
Install Mechanism
There is no install spec; the skill is instruction + a small shell script. No remote downloads or archive extraction are performed by the skill itself, minimizing install-time risk.
Credentials
The skill requests no credentials or config paths. It honors an optional ARCADIA_MCP_URL override; no other environment variables are read. The lack of credential requests is proportionate to its advertised function.
Persistence & Privilege
always is false and the skill does not request persistent or cross-skill configuration. Autonomous invocation is allowed (platform default) but not combined with any elevated privileges or hidden behaviors.
Assessment
This skill appears to do what it says: a thin CLI that forwards requests to Arcadia's MCP server and returns unsigned transactions. Before installing: (1) Confirm you trust https://mcp.arcadia.finance (consider inspecting network requests or using a local/private MCP during testing); (2) never pass private keys or seed phrases as tool arguments — use a non-custodial wallet/MCP signer (the skill's docs list recommended signers); (3) test with read-only commands first (e.g., read_strategy_list, read_account_info) and verify the contract addresses in contracts.md match official docs; (4) if you need higher assurance, run the script locally, review its network calls, or replace ARCADIA_MCP_URL with a proxy you control. Overall, the skill is coherent and does not request disproportionate access.

Like a lobster shell, security has layers — review code before you run it.

latestvk978wgxzb0p7rf8ggkaz043s0d8387nk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq

Comments