← Back to Skills Marketplace
prayingperceptions

Jubilee Skill, By Jubilee Labs

by prayingperceptions · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
585
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-skill-jubilee
Description
Manage and grow your agent's treasury across Base, Solana, and Ethereum using Jubilee Protocol vaults for sustainable yield and principled spending.
Usage Guidance
Do not provide your private keys or place them at the documented wallet path. Before installing or running this skill: (1) Ask the publisher for the actual implementation code or an official package (the SKILL.md references npm scripts and lib/*.js but none are included). (2) Require the skill to declare required environment variables and config paths in metadata (RPC endpoints, signer method), and to explain how signing is performed securely (prefer external signer/hardware wallet or a scoped signing service instead of a raw privateKey file). (3) If you test, use a new wallet funded only with testnet tokens and a read‑only/watch wallet or a signer that requires manual approval for each transaction. (4) Verify the skill author's identity and provenance (unknown homepage and single owner id here). (5) Ask for code review or provide the skill only through an official, auditable release before entrusting any real funds.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-skill-jubilee Version: 0.1.0 This skill is classified as suspicious due to its inherent high-risk capabilities, which, while plausibly needed for its stated purpose of treasury management, present significant attack surfaces. Specifically, the `donate-yield` command allows transferring funds to arbitrary recipient addresses, posing a direct financial risk if exploited via prompt injection. Additionally, the `war-room` command's ability to analyze local git activity, including uncommitted changes, could lead to sensitive information leakage if the agent operates in a repository containing secrets. The skill also requires direct access to private keys for blockchain transactions, which is a critical security concern.
Capability Assessment
Purpose & Capability
The skill's stated purpose is on‑chain treasury management (deposits, withdrawals, transfers). The documentation references npm scripts and lib/*.js files to perform those actions, and it requires access to a wallet private key and RPC endpoints. However, the registry metadata declares no required environment variables, no config paths, no primary credential, and there are no code files in the package. That mismatch (documented capabilities that require private keys and code versus no declared permissions and no code) is a significant incoherence.
Instruction Scope
Runtime instructions instruct the agent to read a wallet JSON containing a raw privateKey at a specific path (~/.openclaw/.../agent_wallet.json), to use .env RPC variables, and to analyze local git activity for the 'war-room' report. Those actions involve reading sensitive local files and possibly signing transactions. The SKILL.md grants broad discretion (run npm scripts, reconfigure RPCs, read git state) without corresponding declared permissions — this expands scope beyond a safe, limited integration.
Install Mechanism
There is no install specification and no code files (instruction-only). That keeps the package from writing code to disk (lower install risk), but is also inconsistent because the SKILL.md describes npm scripts and library JS files that are absent. This could indicate an incomplete/packaged skill or omitted code — either a developer mistake or intentional omission. Because there is no downloaded code, the static scanner had nothing to analyze; you should demand the actual implementation before trusting the skill.
Credentials
Although the skill metadata lists no required environment variables or credentials, the instructions explicitly reference RPC_* variables and require a wallet JSON file containing a plaintext privateKey. Requesting raw private keys and RPC endpoints is highly sensitive and is disproportionate unless the skill explicitly declares and justifies that access (and documents secure signing practices). The lack of declared secrets in the metadata while the docs ask for a private key is a red flag.
Persistence & Privilege
The skill does not request 'always: true' and uses default autonomous invocation permissions (disable-model-invocation=false). Autonomous invocation combined with access to private keys would be high-risk, but the package currently doesn't declare any keys. Still, the SKILL.md's explicit instructions to place a private key at a filesystem path mean that if a user supplies a key, the skill (when invoked autonomously) could transact on‑chain. Treat autonomous use with keys as dangerous unless signing is restricted to a safe signer.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-skill-jubilee
  3. After installation, invoke the skill by name or use /openclaw-skill-jubilee
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Jubilee Protocol (Treasury Management) skill—initial release: - Enables OpenClaw agents to manage treasury funds sustainably via Jubilee Protocol vaults (jBTCi, jUSDi, jSOLi, jETHs). - Provides CLI tools for vault status, treasury balance, deposit, withdraw, yield donation, and strategic reporting ("war-room"). - Supports Base (mainnet) and testnet deployments on Solana and Ethereum. - Includes robust error handling, multi-chain treasury support, and test procedures. - Built with stewardship ethics: preserve principal, spend only yield, and maintain transparent, auditable management.
Metadata
Slug openclaw-skill-jubilee
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Jubilee Skill, By Jubilee Labs?

Manage and grow your agent's treasury across Base, Solana, and Ethereum using Jubilee Protocol vaults for sustainable yield and principled spending. It is an AI Agent Skill for Claude Code / OpenClaw, with 585 downloads so far.

How do I install Jubilee Skill, By Jubilee Labs?

Run "/install openclaw-skill-jubilee" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Jubilee Skill, By Jubilee Labs free?

Yes, Jubilee Skill, By Jubilee Labs is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Jubilee Skill, By Jubilee Labs support?

Jubilee Skill, By Jubilee Labs is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Jubilee Skill, By Jubilee Labs?

It is built and maintained by prayingperceptions (@prayingperceptions); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments