chris0x88

Pacman Hedera DeFi AI Agent

Author: Chris0x88 · GitHub ↗ · v5.0.1 · MIT-0
darwin · linux · ⚠ suspicious
Total downloads: 118
Favorites: 1
Current installs: 0
Versions: 2
Install in OpenClaw
/install pacman-hedera
Description
Autonomous AI agent for DeFi on Hedera — natural language trading, portfolio management, Power Law BTC rebalancing, HCS signal publishing, limit orders, stak...
Security recommendations
Do not provide your main PRIVATE_KEY or production account credentials yet. Key points to confirm before installing:
  1. Ask the publisher for the missing runtime files (launch.sh, Python package, cli.main) and verify their contents; the SKILL.md claims these exist but the package doesn't include them.
  2. If the skill downloads code at runtime, request the exact URLs and inspect them before allowing execution.
  3. Test first with a read-only or testnet account (or a wallet with minimal funds) to confirm behavior and that the skill truly asks for confirmation prior to any write.
  4. Prefer skills with a verifiable homepage, published source, and included code you can audit; absence of these is a red flag for software that will manage on-chain funds.
  5. If you must proceed, run the skill in an isolated environment (VM/container) and consider using a hardware wallet or delegated signer instead of placing a raw PRIVATE_KEY in .env.
Functional analysis
Type: OpenClaw Skill
Name: pacman-hedera
Version: 5.0.1

The Pacman Hedera skill bundle describes an autonomous DeFi agent with high-risk capabilities, including shell command execution via a local launcher (`./launch.sh`), direct handling of sensitive credentials (`PRIVATE_KEY`), and interaction with external on-chain data (HCS). While the `SKILL.md` file contains extensive safety guardrails—such as a transfer whitelist, explicit prohibitions against modifying configuration files, and specific warnings against prompt injection from external HCS messages—the inherent risks of shell, network, and file access required for its stated purpose align with the criteria for a suspicious classification. No evidence of intentional malice or data exfiltration was found; however, the `backup-keys` command and the potential for shell injection via unvalidated user input in the CLI commands represent significant security surfaces.
Capability assessment
Purpose & Capability
Name/description (Hedera DeFi agent) aligns with required env vars PRIVATE_KEY and HEDERA_ACCOUNT_ID and the declared need for python. However the SKILL.md claims it drives a local ./launch.sh that installs 'uv' and runs python -m cli.main — but the registry package contains no launch.sh or Python code. That mismatch suggests the skill cannot actually perform what it promises as-is, or that it expects to download/assemble code at runtime (not declared).
Instruction Scope
SKILL.md contains detailed runtime instructions and guardrails (e.g., never perform writes without explicit approval), and claims to enforce/require a .env and local data/config under ./data/.env. It also promises that credentials remain local and only Hedera/SaucerSwap endpoints are contacted, but this cannot be verified from the package contents. The file instructs running local installers and a Python CLI that don't exist in the bundle — this is a scope mismatch and could result in on-demand downloads or opaque behavior at runtime.
Install Mechanism
There is no declared install spec in the registry (instruction-only), but SKILL.md explicitly says a launcher will install 'uv' on first run and dispatch to Python code. Because no install steps are recorded in the registry and no code files are present, it implies either (a) required files are missing from the published package, or (b) the runtime will fetch and execute external code. Both cases raise risk: missing files means the skill is incomplete; fetching arbitrary code at runtime is higher risk and not auditable from the registry.
Credentials
The requested env vars (PRIVATE_KEY, HEDERA_ACCOUNT_ID, PACMAN_NETWORK) are consistent with a DeFi agent that must sign transactions on Hedera. That said, PRIVATE_KEY is a highly privileged secret. SKILL.md asserts credentials remain local, but with no included code to audit and an ambiguous logging/training pipeline mention, the claim cannot be independently verified. Recommend least-privilege testing (read-only/testnet keys) before providing mainnet keys.
Persistence & Privilege
always is false (good). The skill permits autonomous invocation by default (platform standard). Combined with access to a PRIVATE_KEY, autonomous invocation could be high impact if the skill actually executes writes — SKILL.md's internal guardrail requires confirmation for writes, but that is a behavioral rule in text and not a technical enforcement. No evidence the skill modifies other skills or system-wide configs.
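How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install pacman-hedera
  3. Once installation completes, call the Skill by name or trigger it with /pacman-hedera.
  4. Provide the required input according to the Skill's parameter description to get structured output.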
Version history
v5.0.1
**pacman-hedera 5.0.1 Changelog**
- Added `primaryEnv`, `requires.env`, and `configPaths` metadata for improved runtime/environment clarity.
- Updated skill description block to document runtime launcher behavior, env file enforcement, and credential scope.
- Enhanced Autonomy Policy: clarified difference between read and write ops and the confirmation flow.
- No functional changes to previous core logic or user interaction flows.
- No code or operational changes—documentation and metadata only.
v5.0.0
Your wallet. Your exchange. Your AI agent. Direct to blockchain (or hashgraph). One conversation sets up your entire Hedera trading infrastructure. No logins, no SaaS, no custody risk. Just you, your agent, and the network.
- Autonomous DeFi agent with multi-account management, Power Law BTC rebalancing, HCS signals, and Hedera Wallet safety guardrails.
- This is the skill to be used WITH the Pacman CLI Application. Skills coupled with software are the new frontline in the agentic age. The combination of deterministic systems meeting ai agents driving tools is our answer to agentic slop and agents going off the rails.
- This skill introduces natural language portfolio management and swaps on Hedera via SaucerSwap V2 liquidity pools (no exchange interface between you and the hashgraph).
- Features advanced multi-account awareness (main/robot accounts) with clear user context. Robot account persists and offers limit order trading or persistent trading strategies for everyone to build and deploy. The future of index funds is self rebalancing.
- Implements robust Power Law WBTC/USDC rebalancing and daily HCS trading signal publishing as a sample strategy and data sharing that can be volunteered or charged for.
- This skill is detailed and helps you drive the Pacman application on your local computer from your OpenClaw Channel, like Telegram, or Discord. Happy experimenting and building!
Metadata
Slug: pacman-hedera
Version: 5.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 2
FAQ

What is Pacman Hedera DeFi AI Agent?

Autonomous AI agent for DeFi on Hedera — natural language trading, portfolio management, Power Law BTC rebalancing, HCS signal publishing, limit orders, stak... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 118 total downloads so far.

How do I install Pacman Hedera DeFi AI Agent?

Run the command "/install pacman-hedera" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Pacman Hedera DeFi AI Agent free?

Yes. Pacman Hedera DeFi AI Agent is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Pacman Hedera DeFi AI Agent support?

Pacman Hedera DeFi AI Agent is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux).

Who developed Pacman Hedera DeFi AI Agent?

It is developed and maintained by Chris0x88 (@chris0x88); the current version is v5.0.1.
