ClawHub

Morpho Base Operator

v0.1.0

Operate a Base-first Morpho vault workflow using a registry file to plan, snapshot, execute, and archive without dynamic market discovery.

0· 53·0 current·0 all-time
by@walioo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and instructions align: this is a narrowly scoped operator/runbook for running a registry-driven Morpho vault workflow on Base. The skill does not request unrelated services or credentials.
Instruction Scope
SKILL.md confines actions to verifying a registry file, snapshotting state, building a deterministic plan for registered markets, collecting an external signature, executing via a pinned MCP, and reconciling/archiving. It explicitly forbids dynamic market discovery in the write path and does not instruct reading unrelated system secrets.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded by the skill bundle itself.
Credentials
The skill requests no environment variables or credentials inside the bundle, and explicitly instructs the operator to supply RPC, operator private key, and vault identifiers outside the published bundle. This is proportionate to the described operator workflow but places the onus on the operator to protect those secrets; confirm they are never pasted into untrusted inputs.
Persistence & Privilege
always:false and no install behavior. The skill can be invoked autonomously by the agent platform (default behavior) but lacks embedded credentials or install steps that would give it persistent access to systems.
Assessment
This skill appears to be a coherent operator runbook rather than executable code, but you should: (1) verify the registry file and all pinned contract addresses before any write; (2) never paste or upload your operator private key or RPC credentials into the platform — keep signing offline or in a hardware wallet as the runbook instructs; (3) keep allowMainnetExecution=false until you manually sign off, and perform signature collection in an air-gapped or secure environment; (4) validate the origin/author of this skill before trusting it in production since the package source is unknown; and (5) if you plan any automation, restrict it to read-only rehearsal runs until you confirm all checks and factory/MCP pins are correct.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ac2vr6x2ampgqqk7a7d3bg183qzgj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments