Knab

The skill is internally consistent as a read‑only on‑chain research tool: it reads public RPC/explorer data via ethers and declares no credentials, but there are small inconsistencies in comments/ABI that warrant a quick code check before trusting it with signing privileges.

This skill appears to do what it claims: read public blockchain data for the listed vaults using ethers and public RPC endpoints, and it does not request credentials. Before installing, review the bundled dist/index.js for any code paths that construct wallets, call getSigner(), use process.env.* (PRIVATE_KEY, MNEMONIC, etc.), or POST data to external domains. The header comments and ABI include write‑method names and marketing text (deposit/refer), which is unexpected for a read‑only tool — ensure the agent or host environment will not expose any wallet or signing capability to the skill. If you plan to allow autonomous invocation with access to signing tools, re-check the full source for any functions that could be used to perform transactions.