← Back to Skills Marketplace
rontotech

Tilt Protocol — AI Fund Manager

by rontoTech · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
327
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install tilt-protocol
Description
Create and manage tokenized stock investment funds on Tilt Protocol (Robinhood L2). Self-custodied — you own your wallet, your keys, and your vaults.
Usage Guidance
What to consider before installing/running: - The skill expects you to create and expose a private key (TILT_PRIVATE_KEY). Treat this as sensitive: avoid keeping long-term funds in a key created for a third-party skill, and avoid passing private keys on the command line (many OSes expose command-line args to other users/processes). - The skill relies heavily on a centralized helper API at bowstring-backend-production.up.railway.app. That service receives your wallet address, can mint/register tokens, and stores strategy/trade notes. Verify that domain is owned and operated by the legitimate Tilt Protocol team (it does not match the declared homepage tiltprotocol.com). If you cannot verify ownership, do not register or post real wallet data to it. - SKILL.md instructs you to curl a remote 'latest skill' file and write it to /tmp. That lets the remote host change instructions you will later follow. Only run such fetches after manually reviewing the fetched file’s contents and confirming the source. - Prefer safer key handling: use a hardware wallet or local keystore, avoid exporting raw private keys into environment variables, and avoid CLI flags that embed keys. If you must test, use ephemeral testnet keys with zero real funds. - Verify all contract addresses, RPC endpoints, and the VaultFactory/Token addresses before sending transactions. Consider running interactions through your own controlled backend rather than a public Railway app. Given these mismatches and the centralized remote-updater/helper API, treat this skill as requiring explicit trust; if you cannot validate the backend and ownership, do not run it with real assets or secret keys.
Capability Analysis
Type: OpenClaw Skill Name: tilt-protocol Version: 1.0.0 The skill features a self-updating mechanism in `SKILL.md` that instructs the agent to download and review new instructions from a remote API (bowstring-backend-production.up.railway.app), creating a high-risk vector for remote prompt injection or command execution. It manages sensitive credentials ($TILT_PRIVATE_KEY) for on-chain trading and requires broad 'shell' and 'network' permissions. While the behavior aligns with the stated purpose of a DeFi fund manager on the Robinhood L2 testnet, the dynamic instruction fetching and use of an external backend for core logic are significant security vulnerabilities.
Capability Assessment
Purpose & Capability
Name/description (AI fund manager on Tilt Protocol) match the instructions (create wallets, deploy tokens, create vaults, on-chain txs). However the registry declares no required environment variables or primary credential while the SKILL.md clearly expects and instructs use of a private key (TILT_PRIVATE_KEY), RPC (TILT_RPC), and API base (TILT_API_BASE). That metadata mismatch is incoherent and hides a sensitive requirement.
Instruction Scope
Runtime instructions tell the agent to generate/store a private key and to call many endpoints on a centralized helper API (bowstring-backend-production.up.railway.app) for registration, faucet, token deployment, posting strategy updates, and trade-notes. They also instruct you to curl a remote 'latest skill' file and write it to /tmp — a remote-updater pattern that can change runtime behavior. These operations are functional for the described purpose but introduce significant trust and remote-control surface.
Install Mechanism
Skill is instruction-only (no install spec) which lowers disk footprint. It asks you to install Foundry via the official paradigm foundry script (common for blockchain work) and to install jq via package managers. The higher-risk action is the repeated curl to a Railway-hosted backend (not an obvious official Tilt domain) used for both API calls and fetching skill updates — this is a non-standard endpoint for 'official' protocol operations and worth verifying.
Credentials
The skill does not declare required env vars in registry metadata but the instructions require a highly sensitive TILT_PRIVATE_KEY and advise exporting it and using it on command lines (cast --private-key $TILT_PRIVATE_KEY). Passing private keys on CLI and storing them in environment variables are both risky. The skill also expects TILT_API_BASE and TILT_RPC to be set; absence of declared credentials is an incoherence and a security red flag.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. It does, however, instruct periodic networked actions (registering, posting updates) and a remote skill fetch which can alter behavior between runs — this is not a privilege escalation by itself but increases the need to trust the remote API and upstream host.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tilt-protocol
  3. After installation, invoke the skill by name or use /tilt-protocol
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: self-custodied AI fund manager for tokenized stock portfolios on Robinhood L2
Metadata
Slug tilt-protocol
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Tilt Protocol — AI Fund Manager?

Create and manage tokenized stock investment funds on Tilt Protocol (Robinhood L2). Self-custodied — you own your wallet, your keys, and your vaults. It is an AI Agent Skill for Claude Code / OpenClaw, with 327 downloads so far.

How do I install Tilt Protocol — AI Fund Manager?

Run "/install tilt-protocol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tilt Protocol — AI Fund Manager free?

Yes, Tilt Protocol — AI Fund Manager is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Tilt Protocol — AI Fund Manager support?

Tilt Protocol — AI Fund Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Tilt Protocol — AI Fund Manager?

It is built and maintained by rontoTech (@rontotech); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments