Near Dca

by shaiss · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads 1114
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install near-dca
Description
Dollar-cost averaging for NEAR tokens with flexible scheduling, performance tracking, and cancellation support.
Usage Guidance
This skill appears to implement the described DCA functionality, but exercise caution before installing or providing secrets. Key points to consider:
  - Do not supply real private keys to the skill until you verify how the host stores them. The code accepts both config-stored and per-call private_key parameters and README examples show plaintext config values — which is insecure.
  - The skill's manifest does not declare required credentials even though the code uses account_id/private_key; that mismatch can lead to accidental secret placement in plaintext files. Prefer using OpenClaw's secure credential storage (or hardware wallets / read-only flows) instead of putting keys in config files.
  - There are inconsistent storage locations in docs and code (~/.near-dca/plans.json vs ./data/dca_state.json). Verify where state will be written on your machine and sandbox the skill (or inspect/modify paths) if you want the data in a specific secure location.
  - The code simulates swaps (mock price fetch and fake tx hashes) rather than performing real network calls, which is safer for review, but also means you should confirm any production-version network interactions before trusting it with funds.
  - The packaged test state file appears malformed/duplicated — a sign of sloppy packaging. If you proceed, run the tests in a sandboxed environment first and review the code paths that would perform real network calls or use private keys.
If you need this functionality, request from the maintainer that the skill declare required credentials in its manifest, remove plaintext private_key examples from README, support secure credential retrieval, and document exactly where state and history are written.
Capability Analysis
Type: OpenClaw Skill
Name: near-dca
Version: 1.0.0
The skill is classified as suspicious due to its core functionality requiring direct handling of a user's blockchain private key for executing financial transactions (DCA purchases) in `actions/index.js` and `src/dca-manager.js`. While this capability is plausibly needed for the stated purpose of automating NEAR token purchases and the `README.md` advises secure storage, the direct use of such a high-value credential constitutes a significant inherent risk. There is no evidence of intentional malicious behavior like exfiltration or unauthorized use, nor any prompt injection attempts in the documentation.
Capability Assessment
Purpose & Capability
The code and metadata implement a NEAR DCA manager and associated CLI/actions as described, which legitimately needs account_id and private_key to execute swaps. However, the published manifest (requires.env) declares no required credentials and the SKILL.md/skill.yaml/README disagree about storage paths and configuration keys. Requiring private keys to perform swaps is expected for this purpose, but the skill fails to declare or enforce secure credential handling in its manifest — an incoherence.
Instruction Scope
Runtime instructions and the CLI (scripts/dca.js and SKILL.md) focus on creating/listing/cancelling DCA plans and referencing a local plans file (~/.near-dca/plans.json). The actual manager uses a configurable storage_path (default ./data/dca_state.json) and the README shows storing account_id/private_key in OpenClaw config. The scope is appropriate for DCA, but the documentation/code mismatch about storage locations and where credentials are read from is confusing and could lead to accidental plaintext key storage.
Install Mechanism
This is instruction-only (no install spec). Code files are included in the package and dependencies are minimal (bignumber.js). There are no remote download URLs or extract operations in the provided metadata, so install mechanism risk is low based on available info.
Credentials
The implementation accepts and uses account_id and private_key to perform swaps (DCAManager.executePurchase and NEARIntegration.executeSwap). Yet the skill declares no required environment variables/primary credential and the manifest doesn't require secure credential storage. The README suggests putting private_key in config (a plaintext example). Actions also accept private_key in params, increasing risk of accidental secret exposure. Requesting/using private keys is proportionate to the DCA purpose, but omitting any declared secret requirement and providing examples that encourage insecure storage is a notable mismatch and risk.
Persistence & Privilege
The skill does not request always:true and uses local JSON files for state. It defines a scheduled trigger (*/5 * * * *) that will run the executor periodically — expected for automation but worth noting because scheduled execution combined with private-key usage increases impact if misconfigured. The skill does not modify other skills or system-wide settings in the provided code.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install near-dca
  3. After installation, invoke the skill by name or use /near-dca
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of near-dca skill:
  - Provides flexible dollar-cost averaging (DCA) for NEAR tokens.
  - Supports creating, listing, and canceling DCA plans.
  - Tracks DCA performance and purchase history.
  - Allows flexible scheduling (daily, weekly, biweekly, monthly).
  - Requires DEX integration and scheduling setup for full automation.
Metadata
Slug near-dca
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Near Dca?

Dollar-cost averaging for NEAR tokens with flexible scheduling, performance tracking, and cancellation support. It is an AI Agent Skill for Claude Code / OpenClaw, with 1114 downloads so far.

How do I install Near Dca?

Run "/install near-dca" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Near Dca free?

Yes, Near Dca is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Near Dca support?

Near Dca is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Near Dca?

It is built and maintained by shaiss (@shaiss); the current version is v1.0.0.
