hodlmm-move-liquidity

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Finding tags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The run and auto commands use a --password command-line argument to decrypt the local wallet keystore. Passing sensitive passwords as plain-text CLI arguments is risky because they may be captured in shell history (.bash_history), process monitoring tools (e.g., ps aux), or system logs.
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive wallet files located in ~/.aibtc/wallets.json and ~/.aibtc/wallets/*/keystore.json. While these are standard paths for the aibtcdev environment, they contain encrypted private keys and represent a sensitive data access surface.
  • [COMMAND_EXECUTION]: The auto command implements an autonomous rebalancer loop that monitors DeFi positions and executes on-chain transactions without per-transaction human confirmation. While the skill includes guardrails like slippage protection and cooldown periods, autonomous movement of funds carries inherent risk if the agent's logic or the external data it relies on is compromised.
  • [COMMAND_EXECUTION]: The skill uses PostConditionMode.Allow for Stacks transactions. This disables the network's automatic asset-transfer protections, which the author states is necessary for the Bitflow DLMM contract's burn-and-mint mechanics. The skill attempts to mitigate this with contract-level slippage and fee checks.
  • [SAFE]: Network operations are restricted to established Stacks infrastructure, including the Hiro API and Bitflow Finance APIs, which are necessary for the skill's stated purpose of managing decentralized finance positions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 02:25 AM