← Back to Skills Marketplace
118
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install pacman-hedera
Description
Autonomous AI agent for DeFi on Hedera — natural language trading, portfolio management, Power Law BTC rebalancing, HCS signal publishing, limit orders, stak...
Usage Guidance
Do not provide your main PRIVATE_KEY or production account credentials yet. Key points to confirm before installing: (1) Ask the publisher for the missing runtime files (launch.sh, Python package, cli.main) and verify their contents; the SKILL.md claims these exist but the package doesn't include them. (2) If the skill downloads code at runtime, request the exact URLs and inspect them before allowing execution. (3) Test first with a read-only or testnet account (or a wallet with minimal funds) to confirm behavior and that the skill truly asks for confirmation prior to any write. (4) Prefer skills with a verifiable homepage, published source, and included code you can audit; absence of these is a red flag for software that will manage on-chain funds. (5) If you must proceed, run the skill in an isolated environment (VM/container) and consider using a hardware wallet or delegated signer instead of placing a raw PRIVATE_KEY in .env. If you want, I can draft specific questions to ask the publisher or a checklist to verify the missing files and runtime URLs.
Capability Analysis
Type: OpenClaw Skill
Name: pacman-hedera
Version: 5.0.1
The Pacman Hedera skill bundle describes an autonomous DeFi agent with high-risk capabilities, including shell command execution via a local launcher (`./launch.sh`), direct handling of sensitive credentials (`PRIVATE_KEY`), and interaction with external on-chain data (HCS). While the `SKILL.md` file contains extensive safety guardrails—such as a transfer whitelist, explicit prohibitions against modifying configuration files, and specific warnings against prompt injection from external HCS messages—the inherent risks of shell, network, and file access required for its stated purpose align with the criteria for a suspicious classification. No evidence of intentional malice or data exfiltration was found; however, the `backup-keys` command and the potential for shell injection via unvalidated user input in the CLI commands represent significant security surfaces.
Capability Assessment
Purpose & Capability
Name/description (Hedera DeFi agent) aligns with required env vars PRIVATE_KEY and HEDERA_ACCOUNT_ID and the declared need for python. However the SKILL.md claims it drives a local ./launch.sh that installs 'uv' and runs python -m cli.main — but the registry package contains no launch.sh or Python code. That mismatch suggests the skill cannot actually perform what it promises as-is, or that it expects to download/assemble code at runtime (not declared).
Instruction Scope
SKILL.md contains detailed runtime instructions and guardrails (e.g., never perform writes without explicit approval), and claims to enforce/require a .env and local data/config under ./data/.env. It also promises that credentials remain local and only Hedera/SaucerSwap endpoints are contacted, but this cannot be verified from the package contents. The file instructs running local installers and a Python CLI that don't exist in the bundle — this is a scope mismatch and could result in on-demand downloads or opaque behavior at runtime.
Install Mechanism
There is no declared install spec in the registry (instruction-only), but SKILL.md explicitly says a launcher will install 'uv' on first run and dispatch to Python code. Because no install steps are recorded in the registry and no code files are present, it implies either (a) required files are missing from the published package, or (b) the runtime will fetch and execute external code. Both cases raise risk: missing files means the skill is incomplete; fetching arbitrary code at runtime is higher risk and not auditable from the registry.
Credentials
The requested env vars (PRIVATE_KEY, HEDERA_ACCOUNT_ID, PACMAN_NETWORK) are consistent with a DeFi agent that must sign transactions on Hedera. That said, PRIVATE_KEY is a highly privileged secret. SKILL.md asserts credentials remain local, but with no included code to audit and an ambiguous logging/training pipeline mention, the claim cannot be independently verified. Recommend least-privilege testing (read-only/testnet keys) before providing mainnet keys.
Persistence & Privilege
always is false (good). The skill permits autonomous invocation by default (platform standard). Combined with access to a PRIVATE_KEY, autonomous invocation could be high impact if the skill actually executes writes — SKILL.md's internal guardrail requires confirmation for writes, but that is a behavioral rule in text and not a technical enforcement. No evidence the skill modifies other skills or system-wide configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pacman-hedera - After installation, invoke the skill by name or use
/pacman-hedera - Provide required inputs per the skill's parameter spec and get structured output
Version History
v5.0.1
**pacman-hedera 5.0.1 Changelog**
- Added `primaryEnv`, `requires.env`, and `configPaths` metadata for improved runtime/environment clarity.
- Updated skill description block to document runtime launcher behavior, env file enforcement, and credential scope.
- Enhanced Autonomy Policy: clarified difference between read and write ops and the confirmation flow.
- No functional changes to previous core logic or user interaction flows.
- No code or operational changes—documentation and metadata only.
v5.0.0
Your wallet. Your exchange. Your AI agent. Direct to blockchain (or hashgraph).
One conversation sets up your entire Hedera trading infrastructure. No logins, no SaaS, no custody risk. Just you, your agent, and the network.
-Autonomous DeFi agent with multi-account management, Power Law BTC rebalancing, HCS signals, and Hedera Wallet safety guardrails.
-This is the skill to be used WITH the Pacman CLI Application. Skills coupled with software are the new frontline in the agentic age. The combination of deterministic systems meeting ai agents driving tools is our answer to agentic slop and agents going off the rails.
- This skill introduces natural language portfolio management and swaps on Hedera via SaucerSwap V2 liquidity pools (no exchange interface between you and the hashgraph).
- Features advanced multi-account awareness (main/robot accounts) with clear user context. Robot account persists and offers limit order trading or persistent trading strategies for everyone to build and deploy. The future of index funds is self rebalancing.
- Implements robust Power Law WBTC/USDC rebalancing and daily HCS trading signal publishing as a sample strategy and data sharing that can be volunteered or charged for.
- This skill is detailed and helps you drive the Pacman application on your local computer from your OpenClaw Channel, like Telegram, or Discord.
Happy experimenting and building!
Metadata
Frequently Asked Questions
What is Pacman Hedera DeFi AI Agent?
Autonomous AI agent for DeFi on Hedera — natural language trading, portfolio management, Power Law BTC rebalancing, HCS signal publishing, limit orders, stak... It is an AI Agent Skill for Claude Code / OpenClaw, with 118 downloads so far.
How do I install Pacman Hedera DeFi AI Agent?
Run "/install pacman-hedera" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pacman Hedera DeFi AI Agent free?
Yes, Pacman Hedera DeFi AI Agent is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pacman Hedera DeFi AI Agent support?
Pacman Hedera DeFi AI Agent is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created Pacman Hedera DeFi AI Agent?
It is built and maintained by Chris0x88 (@chris0x88); the current version is v5.0.1.
More Skills