← Back to Skills Marketplace
67
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install stablecoin-use-check
Description
A decision guide that helps users evaluate whether a stablecoin use case makes sense for them. Use when the user is considering holding or using a stablecoin...
Usage Guidance
This skill claims to be prompt-only but includes handler.py that reads a SKILL.md from a hardcoded directory (/Users/jianghaidong/.openclaw/skills/{skill_name}). That is inconsistent and could allow the skill to read files on the host. Before installing: (1) ask the author why handler.py must read local files and why a specific user path is hardcoded; (2) request removal of handler.py or that file reads be removed or sanitized (no absolute hardcoded home, no unsanitized skill_name); (3) if you must run it, do so in a sandboxed environment; (4) verify tests actually exercise file I/O — the provided test calls handle({}) but the handler will attempt to open a file, which is another inconsistency that should be resolved. If you don't trust the author or they cannot justify the file access, do not install.
Capability Analysis
Type: OpenClaw Skill
Name: stablecoin-use-check
Version: 1.0.0
The skill contains a hardcoded absolute file path in handler.py referencing a specific local user directory (/Users/jianghaidong/.openclaw/skills/), which leaks developer environment details and indicates poor security hygiene. While the SKILL.md content is a benign prompt-only guide for stablecoin evaluation, the handler logic is poorly constructed and potentially vulnerable to path traversal if the skill_name parameter is manipulated, even though no explicit exfiltration logic is present.
Capability Tags
Capability Assessment
Purpose & Capability
The SKILL.md describes a prompt-only decision guide with no platform integration, yet the repository contains handler.py that reads a SKILL.md from an absolute path under /Users/jianghaidong/.openclaw/skills/{skill_name}. Reading local files is not needed for a prompt-only guide and therefore does not align with the stated purpose.
Instruction Scope
The runtime instructions explicitly say 'Prompt-only, no platform integration', but handler.py attempts to open and read a local SKILL.md file. The SKILL.md instructions do not mention any file reads or accessing the user's filesystem. The handler accepts a skill_name and constructs an unsanitized path, which could enable reading unexpected files if manipulated.
Install Mechanism
There is no install specification (instruction-only), so nothing is written to disk by an installer. This is the lowest-risk install mechanism.
Credentials
The skill declares no environment variables or credentials, yet the code accesses a hardcoded user home path (/Users/jianghaidong/...). Accessing local configuration files is not declared in the metadata and is disproportionate to a prompt-only decision guide. The code also lacks path sanitization, raising potential file-access/exfiltration concerns.
Persistence & Privilege
The skill is not set to always:true and does not request persistent presence or modify other skills. There is no declared autonomous privilege escalation beyond the normal agent invocation model.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install stablecoin-use-check - After installation, invoke the skill by name or use
/stablecoin-use-check - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of stablecoin-use-check skill.
- Provides a structured decision guide for users considering stablecoin use.
- Assesses user goals, compares with alternatives, highlights key risks, and offers tailored fit recommendations.
- Addresses edge cases: long-term holding, cross-border transfers, and regulatory concerns.
- Delivered entirely via prompt; no platform integration or specific product endorsements.
Metadata
Frequently Asked Questions
What is Stablecoin Use Check?
A decision guide that helps users evaluate whether a stablecoin use case makes sense for them. Use when the user is considering holding or using a stablecoin... It is an AI Agent Skill for Claude Code / OpenClaw, with 67 downloads so far.
How do I install Stablecoin Use Check?
Run "/install stablecoin-use-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stablecoin Use Check free?
Yes, Stablecoin Use Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Stablecoin Use Check support?
Stablecoin Use Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Stablecoin Use Check?
It is built and maintained by haidong (@harrylabsj); the current version is v1.0.0.
More Skills