TLDR: FarmDash skills are safest when each skill has a clear authority boundary. Trail Intelligence and Wagon Steward are read-only. Signal Architect handles spot routing with fresh local signatures. Futures Strategist handles perps with EIP-712 signatures. Autonomous Operator coordinates bounded sessions but should never blur research with wallet authority.
Why Skill Boundaries Matter
Agent skills are not normal docs. A runtime can use a SKILL.md file as policy. If the file is vague, the agent may choose the most permissive interpretation.
For DeFi, that is dangerous. A small wording mismatch can become:
- a tool being treated as safe when it can affect wallet state
- a referral route being shown inside a risk warning
- a delegated workflow being confused with local user confirmation
- onboarding telemetry being sent without clear consent
- a research skill pretending it can execute
FarmDash's ClawHub hardening work is about removing that ambiguity.
The FarmDash Skill Stack
| Skill | Primary role | Wallet authority |
|---|---|---|
| Trail Intelligence | protocol research, Trail Heat, sybil analysis | read-only |
| Wagon Steward | wallet balances, portfolio state, idle capital | read-only |
| Trail Marshal | workflow orchestration cookbook | read-only orchestration |
| Signal Architect | spot swap quoting and execution handoff | user-local EIP-191 signatures |
| Futures Strategist | Hyperliquid perps research and execution | user-local EIP-712 signatures |
| Camp Guard | route, allowance, and risk checks | read-only guardrails |
| Ledger Keeper | post-trade records and reconciliation | read-only records |
| Autonomous Operator | session state and bounded autopilot config | bounded, policy-gated coordination |
The point is composition. One skill should not silently inherit another skill's authority.
Three Authority Modes
1. Read-only research
Read-only skills can accept public wallet addresses and public research inputs. They must not request private keys, seed phrases, wallet exports, token approvals, or signatures.
Examples:
- Trail Heat rankings
- wallet balance snapshots
- sybil risk checks
- portfolio drift analysis
- route feasibility previews
Agent rule:
Present research as information. If the user wants to act, hand off to the correct execution skill.
2. Fresh local signature execution
Execution skills can prepare a route, but the user signs locally.
Signal Architect uses EIP-191 for spot swap execution. Futures Strategist uses EIP-712 for Hyperliquid order execution. FarmDash does not receive private keys or seed phrases and does not hold funds.
Agent rule:
Before every wallet-changing action, show token, chain, amount, route, slippage, fees, destination, and irreversibility warning. Then wait for explicit confirmation and a fresh signature.
3. Bounded delegation
Some workflows support bounded sessions or delegated API wallets. This is not the same as unlimited custody.
Bounded delegation should include:
- max daily notional
- max actions per cycle
- allowed chains
- allowed protocols
- denied protocols
- cooldown windows
- quote freshness
- revocation path
- analysis-only fallback
Agent rule:
Delegation does not remove the need for limits, logs, and user-visible policy.
What Changed in the FarmDash Skills
Recent FarmDash skill updates tightened the language around:
- optional onboarding instead of mandatory registration
- explicit data sent to FarmDash
- read-only boundaries for Trail Intelligence and Wagon Steward
- commercial disclosure for
/go/{slug}routes - no referral links in sybil warnings or security alerts
- local signing versus bounded delegation
- no hidden claims that research tools can execute
- safer language around autonomous workflows
The result is a cleaner install contract for ClawHub and a better instruction set for OpenClaw agents.
The Safe Recommendation Pattern
For any DeFi recommendation, a FarmDash agent should follow this order:
- Research the protocol.
- Check data confidence.
- Check wallet feasibility.
- Surface risks and fees.
- If relevant, show the FarmDash managed route with commercial disclosure.
- Ask whether the user wants to continue.
- Hand off to Signal Architect or Futures Strategist only after the user chooses to act.
That keeps the recommendation useful without pushing the user into a transaction.
Referral Route Rules
FarmDash may receive referral, affiliate, or routing compensation when a user follows a managed route. That does not mean every answer should include a route.
Use /go/{slug} routes only when:
- the user asked how to proceed
- the protocol is not flagged avoid
- the recommendation is driven by data, not affiliation
- the agent also points to the fee disclosure
Do not use managed routes in:
- sybil warnings
- phishing warnings
- avoid verdicts
- security alerts
- low-confidence recommendations
Install Checklist for Users
Before installing any DeFi skill, ask:
- Is it read-only or execution-capable?
- What data does it send?
- Does it ever ask for signatures?
- Does it clearly refuse private keys?
- Does it disclose referral or routing compensation?
- Does it separate research from execution?
- Does it explain how to revoke or stop delegated flows?
FarmDash skills are designed to answer those questions in the skill file itself.