ClawHub

0xArchive

v1.6.0

Query historical crypto market data from 0xArchive across Hyperliquid, Lighter.xyz, and HIP-3. Covers orderbooks, trades, candles, funding rates, open intere...

2· 581·1 current·1 all-time
by@0xfantommenace
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
stale
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description say it queries 0xArchive for market data and the only required secret is OXARCHIVE_API_KEY; this is proportionate and expected for an API-backed data-fetching skill. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md contains detailed curl-based instructions and endpoint lists that stay within the stated purpose. One notable capability: endpoints such as GET /liquidations/user/{address} and order-history endpoints can return data tied to specific user addresses (potentially privacy-sensitive). The instructions do not direct the agent to read local files or other environment variables, but an agent using Bash and curl could be asked to fetch address-specific data if the user provides an address — consider that data sensitivity.
Install Mechanism
No install spec and no code files — instruction-only skill that relies on curl at runtime. This minimizes disk-write risk; nothing is downloaded or extracted.
Credentials
Only OXARCHIVE_API_KEY is required and declared as the primary credential, which is appropriate for calling the API. There are no unrelated required env vars or config paths.
Persistence & Privilege
The skill is not always-on and does not request elevated/persistent privileges or modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill appears coherent with its stated purpose, but take these precautions before enabling it: (1) Only provide a dedicated OXARCHIVE_API_KEY with minimal scope and revoke/rotate it if compromised. (2) Verify the skill's source/homepage — the registry metadata lists no homepage, so confirm you trust 0xArchive and the publisher before sharing a key. (3) Be cautious when asking the skill to query user-specific endpoints (e.g., liquidations for an address) because those queries can surface activity tied to an address — avoid providing sensitive addresses unless you intend it. (4) Because the skill uses curl via Bash, treat it like any integration that has network access: monitor usage, check rate limits and billing tied to your API key, and test in an isolated environment if you have concerns. If you want higher assurance, ask the publisher for a homepage or source repo and a description of API key scopes/permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qs092yatpjn17b9njqqptn846h2m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvOXARCHIVE_API_KEY
Primary envOXARCHIVE_API_KEY

Comments