Plugin router for 20 supported third-party DeFi protocols (Polymarket, Aave, Hyperliquid, PancakeSwap, Morpho, Raydium, Curve, Compound, Pendle, Lido, ether....
Security Analysis
medium confidenceThe skill is internally consistent with being a router/launcher for third‑party DeFi plugins: it contains routing rules and forwards user intent to other plugins (which actually perform trades); it requests no credentials or installs itself, though some details about how plugins are installed are left implicit.
The name/description (a DApp/plugin router for many DeFi protocols) matches the SKILL.md's routing rules and triggers. It claims to 'install' and forward prompts to other plugins — which is coherent for a bootstrap/router layer — but the SKILL.md does not include a platform-level install spec or explicit instructions for how the agent performs the plugin installation (it references a GitHub Contents API probe). This is an implementation detail gap, not necessarily malicious, but worth noting.
The instructions focus on matching user utterances to supported DApps/tokens and routing to the appropriate plugin. They do not (in the excerpt provided) direct the agent to read unrelated files or exfiltrate secrets. They do, however, enable forwarding user prompts that can cause trades/bets/transfers because those actions are delegated to the target plugins — this is expected for the stated purpose but increases operational risk and requires the user to trust downstream plugins.
This is an instruction-only skill with no install spec and no code files, which is low risk. The SKILL.md refers to probing plugin-store/catalog (GitHub Contents API) and on-demand installs, but provides no raw-download URLs or custom installers. The absence of an install script is consistent with a bootstrap/dispatcher that relies on the platform's plugin installation APIs.
The skill declares no required environment variables, no credentials, and no config paths. That aligns with its role as a router — it defers wallet/auth responsibilities to other plugins (the SKILL.md explicitly references separate wallet/portfolio plugins).
always is false and model invocation is allowed (platform defaults). The skill does not request permanent/always-on privileges or modify other skills' configs in the provided excerpt.
Guidance
This skill is a dispatcher that resolves user mentions of DApps/tokens and forwards the request to the appropriate third‑party plugin, which then performs actions (trades, bets, transfers). It does not request credentials itself, but installed plugins may require wallet access or API keys — review any plugin's quickstart and permission prompts before approving installation. Pay special attention to pump.fun and other high‑risk WRITE intents: the skill treats those as routine installs but those operations carry financial and legal risk. If you need stronger assurance, ask for the full SKILL.md and explicit platform install steps (how the agent installs plugins and what approval prompts are shown), and review the target plugins' permissions and source (repository/homepage) before enabling automated routing.
Latest Release
v2.6.0
**v2.6.0 Summary:** Expanded protocol and token support with improved routing logic and clarified firing/anti-trigger rules. - Now supports 20 third-party DeFi protocols, each with protocol-native tokens for streamlined plugin routing. - Enhanced and clarified routing patterns: direct action, DApp comparison, Polymarket betting, protocol-native token actions, and pump.fun write intents. - Expanded anti-trigger logic to avoid plugin launches on research, read-only data, or conceptual queries. - Confidence framework formalized for precise routing and clarification handling. - Updated DApp and token trigger lists; detailed edge-case routing and fallback behavior now documented.
More by @ok-james-01
Published by @ok-james-01 on ClawHub
