← Back to Skills Marketplace
fabriziogianni7

Pond3r Skill - Query Onchain Data

by fabriziogianni7 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
725
Downloads
2
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install pond3r-skill
Description
Query crypto intelligence via Pond3r MCP — curated datasets, SQL queries, protocol metrics, yields, and market analysis. Use when the agent needs DeFi data, stablecoin yields, token opportunities, Polymarket trades, cross-protocol comparisons, or blockchain analytics.
Usage Guidance
This skill is coherent with its stated function (read-only queries to Pond3r) but before installing: 1) Confirm the skill publisher/source and trust the Pond3r domains (makeit.pond3r.xyz, mcp.pond3r.xyz, api.pond3r.xyz). 2) Expect to provide a POND3R_API_KEY even though the registry metadata omits it — verify the key is read-only and scoped appropriately. 3) If you run the included scripts, Node must be available and the agent will need outbound network access to mcp.pond3r.xyz. 4) Be careful with the --sql-file option: it will read whatever file path is supplied; avoid letting the agent choose arbitrary local file paths or storing sensitive secrets in .env files accessible to the agent process. 5) If you need stronger guarantees, ask the publisher for a homepage/source repo, request that the registry metadata be corrected to list POND3R_API_KEY, and test the skill in an isolated environment before granting it access to production credentials.
Capability Analysis
Type: OpenClaw Skill Name: pond3r-skill Version: 1.0.0 The skill is highly susceptible to prompt injection and SQL injection vulnerabilities. The `SKILL.md` instructs the agent to execute `node` scripts, specifically `scripts/query.mjs`, with user-provided SQL queries. The `query.mjs` script directly passes this SQL (from `--sql` argument or `--sql-file`) to the external Pond3r MCP API (`https://mcp.pond3r.xyz/mcp`). While the documentation claims 'SELECT only' and 'bare table names' are enforced, this design allows an attacker to craft malicious SQL via prompt injection, potentially leading to data exfiltration or reconnaissance against the Pond3r backend. Furthermore, the agent is instructed to 'Parse the JSON output and summarize for the user,' which means any successfully exfiltrated data would be presented.
Capability Assessment
Purpose & Capability
Name/description match the code and instructions: this is a Pond3r MCP client for read-only SQL queries against crypto datasets. However the published registry metadata claims no required environment variables or primary credential, while both SKILL.md and all scripts require POND3R_API_KEY at runtime. That mismatch is a meaningful inconsistency (the skill will fail or prompt for an undeclared secret).
Instruction Scope
SKILL.md and the bundled scripts stay inside the described scope: they call the MCP endpoint (https://mcp.pond3r.xyz/mcp), list datasets, get schemas, and run read-only queries. Two points to note: (1) the CLI supports --sql-file <path> and will read arbitrary local files when you use that option (so be careful what file paths are passed to the script), and (2) SKILL.md instructs installing the API key into runtime configs or a .env file — ensure those storage choices meet your security requirements.
Install Mechanism
There is no remote installer or download step — the skill is instruction-only and includes small Node scripts. No external archives or third-party package installs are invoked by the skill itself. Node and network access are required to run the scripts.
Credentials
The skill requires a single API credential (POND3R_API_KEY) to authenticate to Pond3r MCP and Pond3r APIs (reference.md shows api.pond3r.xyz usage). That credential is proportionate to the stated purpose, but the skill's declared metadata does not list it. Verify the key's scope/permissions (read-only is appropriate). Also confirm you are comfortable storing that key in the runtime's MCP config or a .env file accessible to the agent process.
Persistence & Privilege
The skill is not marked always:true, doesn't request system-wide configuration changes, and contains no code that modifies other skills. It requires network access to Pond3r endpoints and will retain a short-lived Mcp-Session-Id header for sessioning, which is normal for a client.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pond3r-skill
  3. After installation, invoke the skill by name or use /pond3r-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Pond3r-skill v1.0.0 - Initial release enabling agents to query crypto/DeFi intelligence via the Pond3r MCP. - Supports yield data, protocol metrics, token opportunities, and market analysis. - Provides integration instructions for Cursor, Claude Code, Claude Desktop, and OpenClaw runtimes. - CLI scripts included for MCP access when native tools are not available. - Detailed workflow and troubleshooting guidance for both API key setup and runtime requirements. - Strict rules for query execution, evidence reporting, and fallback behavior.
Metadata
Slug pond3r-skill
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Pond3r Skill - Query Onchain Data?

Query crypto intelligence via Pond3r MCP — curated datasets, SQL queries, protocol metrics, yields, and market analysis. Use when the agent needs DeFi data, stablecoin yields, token opportunities, Polymarket trades, cross-protocol comparisons, or blockchain analytics. It is an AI Agent Skill for Claude Code / OpenClaw, with 725 downloads so far.

How do I install Pond3r Skill - Query Onchain Data?

Run "/install pond3r-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pond3r Skill - Query Onchain Data free?

Yes, Pond3r Skill - Query Onchain Data is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Pond3r Skill - Query Onchain Data support?

Pond3r Skill - Query Onchain Data is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pond3r Skill - Query Onchain Data?

It is built and maintained by fabriziogianni7 (@fabriziogianni7); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments